The first step is to itemize critical computer assets related to hardware, software, and information files. The second step is to identify the most likely and most serious risks associated with each asset (i.e., fire, water damage, theft, or electrical damage). Next, one should minimize exposure to these risks through some combination of measures, including backing up data, having all employees sign confidentiality statements, installing antivirus software, preventing hacker damage, protecting against electrical surges and failures, ensuring proper maintenance and physical security, and taking out insurance. Finally, the office computer security specialist should test the program and schedule regular computer security program reviews.