A central theme is the prevention of data loss. Guidelines for policy are suggested that would incorporate a plan for dealing with disaster. The plan should include documentation of all hardware and software, personnel and responsibilities, and how systems may be used--and abused. An important component of security policy is disciplinary measures against employees who abuse the system. In an example of bad practice, a temporary typist brought to an office a floppy disk that contained a virus which corrupted the data in the entire system, causing considerable loss of money and clientele. Suggestions for storing and backing up data are offered. Appendixes contain, among other things, a list of computer product suppliers and consultants, and computer-related disasters.