It's flu season...the perfect time to protect your computer
and network against bugs, viruses and catastrophe.
This week, eight tips for protecting your business from computer-related
risks ranging from natural disaster to malicious attacks.
If you're a one-person business, make sure you've covered
everything on the list. If you run a larger business, use this list to
double-check your information technology department's planning.
1) Plan for the worst.
Hard drives WILL fail. The only question is "when", not "if".
Lightning strikes can instantly
destroy electronic equipment (happened to one of our clients). Computers can
be stolen.
The lesson: Make and TEST daily backups of key data:
financial and customer records, critical documents related to your products
and services (for example, proprietary workbooks you use in your programs)
and anything else mission-critical to your business that couldn't be easily
and quickly recreated.
"Test" means that you should try to restore a few key
files periodically to make sure your backup and file recovery processes
actually work. Even larger businesses with an information technology
department should check to make sure backups can actually be restored.
Believe it or not, we know of several examples where the IT department
thought it was running backups properly but was not able to locate and
restore them in a pinch.
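One way to run the restore test described above, as an added example that is not part of the original newsletter: record a hash of each key file at backup time, then check a test restore against that record. The file names and sample data are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(source_dir):
    """Record a hash for every file at backup time: {relative path: sha256}."""
    root = Path(source_dir)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest, restored_dir):
    """Compare a test restore against the manifest taken at backup time."""
    root = Path(restored_dir)
    report = {"ok": [], "missing": [], "corrupted": []}
    for rel, expected in manifest.items():
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_of(target) != expected:
            report["corrupted"].append(rel)
        else:
            report["ok"].append(rel)
    return report

def demo():
    """Constructed sample: one file restores intact, one is truncated, one is absent."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for d in (live, restored):
            (d / "finance").mkdir(parents=True)
        files = {"finance/ledger.csv": b"2007-01-02,invoice,150.00\n",
                 "customers.csv": b"id,name\n1,Sample Client\n",
                 "workbook.txt": b"proprietary program notes\n"}
        for rel, data in files.items():
            (live / rel).write_bytes(data)
        manifest = build_manifest(live)
        (restored / "finance/ledger.csv").write_bytes(files["finance/ledger.csv"])
        (restored / "customers.csv").write_bytes(b"id,name\n")  # truncated copy
        return verify_restore(manifest, restored)  # workbook.txt never restored

if __name__ == "__main__":
    print(demo())
```

Anything listed under "missing" or "corrupted" means the backup could not have been relied on for that file.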
And make sure you have backups somewhere other than your
primary business location. Fire, flood, tornado - it can all happen.
If your business has multiple locations, tell your IT staff to keep a full
backup at each location. If you have only one location, an online
backup service is extremely affordable - and some are even free.
Good options include: Mozy.com, Carbonite.com and free
online storage offered by AOL's Xdrive.com and Box.net, among others.
2) Clean up after departed employees.
We've seen situations where current employees were using
passwords of former employees to access information inappropriately.
We've also seen e-mail accounts of former employees become black holes for
customer and supplier e-mails. These unsuspecting folks continue to
send them e-mail, but the company no longer has anyone checking that
address.
The lesson: when employees leave, immediately redirect their incoming
e-mail, change their passwords, and delete their user accounts.
Here's another reason to disable and redirect the e-mail accounts of former
employees: employees sometimes set up their business e-mail account
to automatically forward everything to a personal account so that it's more
convenient to check e-mail at home, for example. If that forwarding is left
in place, business e-mail keeps going to the personal account after the
employee has left.
3) Teach your staff to use strong passwords.
A recent study of Web frauds revealed that the top 20 passwords chosen by
consumers included these ludicrously obvious choices:
password1
password
abc123
iloveyou1
iloveyou2
123456
123abc
football1
babygirl1
It's much better to use a strong password.
What's a strong password?
Pick at least eight characters with a combination of
letters (ideally, a mix of upper and lower case), numbers, and symbols.
Avoid using real words and obvious words, like your name, your spouse or
partner's name, your pet's name, your city, your birthday, your favorite
sports team, etc.
Update sensitive passwords regularly. Examples
include financial applications on your PC or online and online services with
credit card information. And don't simply pick two passwords (say,
dallascowboys1 and dallasmavericks1) and switch back and forth between them.
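The password guidance above written as a check, as an added example that is not part of the original newsletter. The function name, the `personal_words` list and the `previous` list are assumptions made for illustration; a production system would compare against stored password hashes rather than keep old passwords in plain text.

```python
import string

# The obvious choices quoted in the tip above.
COMMON = {"password1", "password", "abc123", "iloveyou1", "iloveyou2",
          "123456", "123abc", "football1", "babygirl1"}

def password_problems(candidate, personal_words=(), previous=()):
    """Return the reasons a candidate breaks the guidance; an empty list means it passes.

    personal_words: names, city, team and similar words the user should avoid.
    previous: earlier passwords, passed in plain text only for this example.
    """
    problems = []
    lowered = candidate.lower()
    if len(candidate) < 8:
        problems.append("shorter than eight characters")
    if not any(c.isalpha() for c in candidate):
        problems.append("no letters")
    elif candidate.islower() or candidate.isupper():
        problems.append("letters are all one case")
    if not any(c.isdigit() for c in candidate):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no symbols")
    if lowered in COMMON:
        problems.append("on the list of most common passwords")
    for word in personal_words:
        if word and word.lower() in lowered:
            problems.append(f"contains obvious word '{word}'")
    # Catch the "switch back and forth" habit: an old password reused exactly,
    # or the same base with only the trailing digits changed.
    base = lowered.rstrip(string.digits)
    for old in previous:
        if old.lower() == lowered:
            problems.append("reuses a previous password")
        elif base and old.lower().rstrip(string.digits) == base:
            problems.append("only the trailing digits differ from a previous password")
    return problems

if __name__ == "__main__":
    print(password_problems("dallascowboys1", ("dallas", "cowboys"),
                            ("dallascowboys1", "dallasmavericks1")))
```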
4) Install software patches and updates regularly.
We've talked with customers whose computers essentially died because their
anti-virus definitions had not been updated in three years and they were
infested with malicious software.
Software patches are updates for your operating system
(usually Microsoft Windows) and the applications you run on your computer.
Many patches fix potential security problems. They can also improve
the performance and stability of your operating system and the applications
you use.
It's critically important that you keep your operating
system, firewall, anti-spyware and anti-virus definitions up to date.
It's a darn good idea to keep everything else updated as
well.
Most applications can be configured to automatically check
for and install updates. We suggest you use these features unless you
have an in-house information technology department that has established other
guidelines.
5) Monitor click fraud.
If your health or wellness business advertises online
using tools like Google AdWords, you're at real risk for click fraud.
Click fraud is the act of purposely clicking ad listings without intending
to buy from the advertiser. Since you pay per-click, it costs you money even
though these clicks are bogus.
Services like ClickForensics.com (free for small
businesses), ClickDefense.com (offers a free trial), WhosClickingWho (free
trial) and ClickFacts can spot click fraud so that you can get a refund from
your provider.
Pay-per-call ads offer an alternative that's less
susceptible to fraud. This approach requires that you have a reliable
customer-friendly process for either taking messages or handling live calls.
6) Must-haves: firewall, anti-virus software, and anti-spyware software.
Every business computer should have a firewall, anti-virus
software and anti-spyware software installed. While Windows offers
some built-in security features, you may find that third-party products
offer more protection.
For individual computers, we're currently recommending
Norton Internet Security 2007 as the best combination of convenience and
security in a single package. (As always, our recommendations are
objective: we don't take money from vendors to praise their products.)
Other good choices include Zone Labs' firewall, Norton's
standalone anti-virus product, and SpySweeper's anti-spyware tool. We
also recommend MailFrontier's anti-spam software for e-mail filtering to
help protect you against spam (unwanted e-mail), phishing (attempts to get
you to reveal your personal data) and other malicious activities.
For networks, Norton's antivirus tools, Symantec's
Brightmail and MailFrontier are all good choices. These tools are also
available in perimeter security solutions and centrally-managed versions
suitable for larger installations. Talk to a trusted IT professional
for more details on protecting your network.
Remember, though: your security software is only as
good as the last update. You absolutely must install new definitions
and patches when they're available.
7) Shared and public computers need special attention.
Many health and wellness businesses have computers in
areas easily accessed by just about anyone - at a front desk, for example.
These systems need special security attention.
One of the easiest and quickest ways to protect accessible
computers is to use a password-protected screensaver. This function is
already available in Windows. You can also install software that
automatically logs the user out after a predetermined amount of time so that
no one else can access the system. And depending on what the computer
is used for, consider disabling its Internet access and its connection to
your internal network. Talk with your local PC expert or your in-house
staff for more suggestions.
If a shared or accessible computer must maintain an Internet
connection, it's especially important that the security software we specify
elsewhere be continually updated with the latest definitions and patches.
8) USB flash drives and other micro-storage devices.
These tiny "keychain" drives are smaller than a pack of
gum. Yet they hold huge amounts of data. And they're designed to
be portable. That's the good news. In fact, they're a great way
to make a fast backup of key data that you can simply take home at night for
offsite storage.
Here's what to watch for: it's incredibly easy for
your data to walk out the door on one of these drives and simply be lost, or
tucked in a ticked-off employee's pocket.