Online security a big issue.

Jeff Mercier came into work one morning, turned on his laptop, logged into the corporate server and quickly got a call from the IT department.

Somewhere during work travels, a virus attached to his laptop computer with hopes of stealing personal information. Fortunately, he hadn't put his entire company and customers at risk.

While the laptop couldn't detect a problem, the well-secure corporate server quickly identified the virus when Mercier logged on at the office. Mercier erased and reinstalled the programs on his laptop. Secure information was not compromised.

"If it wouldn't have been caught, it probably would have got my banking account information," said Mercier, director of operations at Bloomington Offset Process Inc. in Bloomington.

Or worse, the virus could have spread into the corporate server and started stealing company information or even the private information of customers. Mercier and his employer are secure.

Hackers have created various types of key-watching programs and spyware that steal personal information as it's being typed. That information is then resold. It's a $62 billion industry, according to computer-security guru David Stelzl, who travels the country telling businesses the gory details of digital theft.

He called it the new organized crime while at a stop in Bloomington recently.

"This is no longer a bunch of college students looking for notoriety," he said. "The drug trade industry is not as big as this."

In most cases, Stelzl said, the spyware conceals itself because it doesn't disrupt your computer.

"They want you to be profitable. They don't want to disrupt your business. They want to sell your information," he said. "If you're a big company or a small company, you either have information I can sell or a system I can use."

No matter how much anti-spyware a company buys, hackers will always find a key, Stelzl said. Often, unaware employees will give them the key.

They'll respond to unsolicited e-mails or visit phony Web sites that contain viruses.

"Never open e-mail greeting cards," Stelzl said. "If someone e-mails me a greeting card, I delete it and call them and say, 'Don't ever e-mail me a greeting card because I won't open it.'"

The various firewalls businesses buy, Stelzl said, are meaningless without employee education.

"If I went out and bought all those products, I'd be broke," he said. "They will get in. The question you need to ask is 'Will I be able to detect them?'"

Still, protection is the first step in defeating spyware, Stelzl said, and firewalls and security software serve as protection.

The second and third steps, he said, are detection and response.

Bloomington-based Integrity Technology Solutions recently analyzed the computer security of more than a dozen small businesses in the Twin Cities. None were up to par, said Integrity President Harlan Geiser.

"There was a common problem that people didn't have their (security) software updated. They typically don't even know it," Geiser said.

They didn't have protection.

The problem, Geiser said, typically exists in smaller companies that don't have information-technology, or IT, departments. Many companies, for example, refer all computer-related questions and problems to the employee in the office who's the most tech savvy, Geiser said. That person has other responsibilities and can't keep up with the evolving world of computer security, Geiser added.

Such companies have no form of detection.

If companies don't have an IT staff, many now outsource such tasks to companies like Geiser's. In addition, proper employee training and education can help workers detect suspicious e-mails and Web sites.

Lastly, after protecting your server and detecting the virus, companies need to respond.

This means simply deleting the virus, Geiser said, and fixing affected programs.