Existing Federal and State legislation regarding property crime has been inadequate for dealing with computer crime. The Comprehensive Crime Control Act of 1984 represents a significant improvement over previous laws, but it is not comprehensive enough. It needs to be broadened to prohibit computer crimes perpetrated against entities other than the Federal Government. About 35 States have enacted computer crime legislation, most specifying that the forbidden conduct must be willful or knowing. Such legislation gives specific guidance to prosecutors and courts and will inform and deter many technologists who may be unaware of the harm resulting from certain uses of their knowledge. Legislation must be complemented by revised security measures that recognize the differences between computer crime and other property crime. Many businesses are unaware of the risks or of the value of their data. Developing a security system should start with a risk analysis. The security system must address four areas: data security, software security, hardware security, and communications security. Implementation should start with physical access control and should also include intrusion detection, personnel security, and safeguarding of the power supply. Passwords, data encryption, and other security approaches should be used to limit access to computers and data. 191 footnotes.