(FORTUNE Magazine) – Ever more fearful that a virus could invade their computer systems, U.S. companies are turning increasingly to security specialists and asking for help. Cris Castro, director of information security at SRI International, says the privately held Menlo Park, California, research and consulting company is getting 30 calls a day. The sudden alarm comes in the wake of Robert Morris Jr., a 1988 Harvard graduate now studying at Cornell. His alleged invasion of the Internet computer network unleashed a virus that disrupted government and university research systems nationwide. But hackers, as computer buffs are known, aren't the only danger to computer systems, according to Noel Matchett, president of Information Security, a private, Silver Spring, Maryland, consulting firm. He believes disgruntled employees and unscrupulous competitors present an even bigger threat. ''No computer system is foolproof,'' says Edward Boudreau Jr., former head of technology for John Hancock, who is now president of the company's investment advisory subsidiary. ''We do spend some time agonizing over that issue.'' But there are several steps companies should take to make themselves as safe as possible. Among them: -- Change employee passwords at least several times a year and revoke them immediately after someone leaves or is fired. -- Make copies of important files and store them in restricted safes. -- Encode sensitive data, making it meaningless to anyone without the code. -- Have a backup computer system on hand that would provide uninterrupted service in case of an emergency. -- Use different computer systems for various corporate departments, separating finance from purchasing, for example. -- Test new software and personal computers for bugs before they are distributed. -- Restrict access to confidential information and enforce need-to-know ground rules. -- Make sure your programmers have plugged all routes into the system to prevent outsiders from entering -- as Robert Morris seems to have done. C.G.