1. Corporate policy tops the list of fundamental internal and external security practices. Think about your security practices and goals, formulate a policy and put it in clear writing.

2. Regularly conduct employee education and awareness training to keep employees updated on all aspects of company security and how they can be a part of it.

3. Engage in periodic security testing and assessment to evaluate how your perimeter and internal security stack up against your policy. Make sure you use consultants who take a structured approach and lack a vested interest in the outcome of the project.

4. Don't forget about the simple aspects of physical security. Control access to electrical closets, servers, telephone rooms and wiring hubs as much as you do to data centers.

5. Consider outsourcing your security to a specialized company that will work with your existing IT staff. These firms may be better equipped to manage your security on a 24x7 basis, although you'll need to give up some control over a portion of your business.

- Winn Schwartau