How To

How to Fraud-Proof Your Company

Fraud experts focus on ways to combat insidious insiders at the 19th Annual Association of Certified Fraud Examiners (ACFE) conference, and a convicted fraudster explains how he went down the wrong path

By Bill Brenner, Senior Editor

July 18, 2008

Patrick Kuhse wasn't born a fraudster. He was once a law-abiding stockbroker with a golden reputation. One day he made a bad choice that led to many more. After he accumulated millions of ill-gotten dollars, the law caught up with him and a four-year prison stay followed.

Now a free man, Kuhse travels the lecture circuit, sharing his story on the hope that listeners won't make similar mistakes.

"I talk about why people do what they do and why I did what I did. I try to pass on critical thinking errors," Kuhse told attendees at the 19th Annual Association of Certified Fraud Examiners (ACFE) conference in Boston Wednesday. "When I went to prison I thought everyone would have long greasy hair and missing teeth. But many fellow inmates looked just like the people you want in your company. I wasn't sure why I did what I did. I didn't need the money or the prestige."

To say the corporate world is full of good people who can go corrupt through a series of bad decisions is stating the obvious. Security pros are well aware that one of their biggest challenges is preventing insiders from mismanaging the customer's money and violating their trust. They know people like that can destroy a company. That's why the security folks have a job.

Nevertheless, the threat of insider fraud is a moving target, and experts at the ACFE event sought to lay down some best practices attendees might not have in their arsenal. The goal: Give professionals new tips they can take back to the office, or at least reinforce things they already know.

Perhaps the biggest tip of all - A company can have the most ironclad employee ethics policy around, but not everyone reads the full policy and it's all wasted paper unless honorable behavior is sewn into the DNA of every worker through constant reinforcement from the top down.

Perhaps the most recent example of this is the collapse of lender IndyMac Bank, which is now ensnared in an FBI investigation of nearly two dozen banks for possible mortgage fraud.

"Sometimes a company has the solid risk-ethics plan in place, but the tone of the policy doesn't always seep down to individual workers," KPMG International Forensics Director Guido van Drunen said during one panel discussion. "Enron once got an award for its code of ethics. The lesson is that you have to have consequences for misbehavior."

Kuhse's story
As Kuhse explained to his audience, he was a successful broker based out of San Diego in 1989 and had never considered doing anything illegal up to that point. Then one day a friend and branch manager from Oklahoma gave him a call to say she might leave the organization for a government job in the event one of her friends won a bid for state treasurer.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WHITE PAPER
Maximizing Site Visitor Trust Using Extended Validation SSL

VeriSignNow with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.

» Read the Paper

Featured Sponsors
Sponsored Links

Manage your IT more effectively

Simplify your data center with Juniper Networks. View the webcast

Efficient - Flexible - Compliant

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Envision Identity-Based Access Control for the Datacenter

Digital Identity Protection and Data Security Get Personal

Welcome to the age of Service-Oriented Security (SOS)

When Customer Relationship is Everything, Businesses Bank on SSL Solutions

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

The Case for Business Software Assurance ~ Securing Your Applications

Maximizing Site Visitor Trust Using Extended Validation SSL

Solving Online Credit Fraud Using Device Reputation

Understanding Data Location is Imperative for Data Loss Prevention

5 Steps to Secure Outsourced Application Development

CA's IT Security centralizes your identity management to turn security into a proactive, business-building tool

Secure your virtual and physical environments with the same software

Any company can promise identity protection. Only Debix can prove it

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

IDC Defines an Identity and Access Management Submarket

Using Likewise to Comply with PCI Data Security Standard

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Enabling Compliance with Converged Mainframe Security and Storage

Managing SSL Security in Multi-Server Environments

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Get in Compliance With Government Data Regulations

Taking the Botnet Threat Seriously