Consult with your legal counsel to determine legal options and liability in the event of a security incident.
Consult with your insurance carrier to determine if your insurance covers losses from break-ins. Determine if your insurance covers business interruption during an investigation. Also determine if you will be required to institute criminal or civil action to recover on your insurance.
Replace any "welcome" messages with warnings against unauthorized use.
Put explicit copyright and/or proprietary property notices in code startup screens and source code. Formally register copyrights on your locally developed code and databases.
Keep your backups separate from your machine.
Keep written records of your actions when investigating an incident. Timestamp and initial media, printouts, and other materials as you proceed.
Develop contingency plans and response plans in advance.
Define, in writing, levels of user access and responsibility. Inform your users what you may monitor. Have all users provide a signature noting their understanding of and agreement to such a statement. Include an explicit statement about the return of manuals, printouts, and other information upon user departure.
Develop contacts with your local law enforcement personnel.
Do not be unduly hesitant about reporting a computer crime and involving law enforcement personnel.
If called upon to help in an investigation, request a signed statement by a judge requesting (or directing) your "expert" assistance. Recommend a disinterested third party to act as an expert, if possible.
Expand your professional training and contacts by attending security training sessions or conferences. Consider joining security-related organizations.
Be aware of other liability concerns.
Restrict access to cryptographic software from the network.
Restrict or prohibit access to material that could lead to legal difficulties. This includes copyrighted material, pornographic material, trade secrets, etc.
Make sure that users understand copyright and license restrictions on commercial software, images, and sound files.
Make your users aware of the dangers of electronic harassment or defamation.
Make certain that your legal counsel is consulted before you provide locally developed software to others outside your organization.