Hey, where's my power?
Hackers do not just try to get passwords and access. They also attempt to cause problems by assuming your identity and cutting off your phone, electrical, and Internet services.
This may sound overboard, but it's not. For every account you have remotely touching your Web site, your physical plant, even your personal life, set up a password with that provider of services and change it frequently. Without this, people can call up, say they're you, and have your service cut off. It has happened; don't let it happen to you.
How do you know you've been hacked?
Keep tabs on suspicious activities by using software packages with Tripwire features or even monitored dummy accounts, and by religiously checking those logfiles and multiple logging systems, especially those actually stored on other machines.
Designing and closely monitoring software and files with obvious "dummy" user IDs and passwords (and other such data goodies a hacker might find too tempting to resist) has proven effective. The Cuckoo's Egg is probably the most famous book that gives a detailed account of hackers being gullible and falling for just these types of methods.
Tools that serve as your best security guards include firewalls, software protection and authentication tools, careful Web site design and coding, system testing tools, and a constant attentiveness to system health and welfare and to the newest developments in the hacking community. According to one security expert, "It is pretty bad that you have to ally with [hackers] to stay ahead of them, but that's the reality."
If you've taken all of the precautions you possibly can and you still get hacked, don't feel bad. Learn from it. Hindsight is always 20/20. Naive system administrators have been known to leave a known vulnerability in place, somehow expecting that it won't be hacked twice.
Hackers generally don't stumble into your network -- you were picked as a target. Hackers study the problem and take note of all that they find. If the hole in your security armor allows a hacker's arrow to pierce you once, you better believe this weakness has been posted throughout most of the hacking groups and IRC (Internet relay chat) channels.
Just having completed a year-long military computer security study, I will quote from my report: "The only way to secure the systems one hundred percent is to turn them off."