News and analysis on the global fight against fraud
White-collar crime, an insidious and complex category of offenses, extends far beyond the conventional image of criminal activity. Understanding white-collar crime is crucial for individuals and finance, law and security professionals in our interconnected world. This guide delves into the multifaceted landscape of white-collar offenses, illuminating the covert operations that underpin them.
Read MoreJames D. Ratley, CFE
I bet your organization works extremely hard to find good employees. Weeks of intensive searching, vetting of qualifications and background checks hopefully yield hardworking, loyal colleagues. Of course, you know all that cultivation still can yield some rotten apples.
Ryan Duquette, CFE, CFCE, author of the latest Fraud Magazine cover article, "Insider threats! Using digital forensics to prevent intellectual property theft," quotes studies that show that half of all departing employees leave with confidential company information — either deliberately or unintentionally. That's sobering. How are your organizations deterring the fraudulent flow of intellectual property out the door?
Because most fraud examinations focus on establishing if, and how, someone did what they're suspected of doing, the author writes, they must learn fraudsters' common methods to remove sensitive information. These include the obvious means, such as personal webmail accounts, portable storage media and personal devices. But they also include accessing corporate systems via remote sessions and cloud storage.
Duquette emphasizes that fraud examiners should be part of the everyday work routines to examine new and leaving employees. "Your input and expertise is vital because you might see different patterns and suggest other methods, which could help examine broader fraud matters in your organization,” he writes.
Fraud examiners can use their skills at observing behaviors to help their organizations, he explains, such as looking for those who take proprietary information home via thumb drives or email without authorization, and inappropriately seek or obtain proprietary or classified information on subjects not related to their work duties.
Duquette also says we can help by looking for those who disregard the organization's computer policies on installing personal software or hardware, access restricted websites, conduct unauthorized searches or download confidential information.
As always, we have to review local, regional and national privacy laws and regulations on examining employees, which seem to change daily around the world.
"If the employee’s role grants them privileged access to highly confidential data such as payment card numbers, personally identifiable information or financial information, there's a risk that your activities might result in compliance issues," Duquette writes. "For example, you might locate payment card and transactional data and duplicate it to present as evidence. That action, while well intended, might be in a contravention of a policy or control that you've agreed to adhere to because you're moving the data outside of a controlled environment."
As Duquette implores, don't let departing employees leave with valuable intellectual property. Use digital forensics in daily workflows before they resign and in exit interviews to prevent IP theft rather than potentially be involved in litigation after they're gone.
Read more about the cover article and more at Fraud-Magazine.com.
SPECIAL TO THE WEBRobert Tie, CFE, CFP
Contributing Editor, Fraud Magazine
“Business is hell,” said U.S. Civil War Gen. William Tecumseh Sherman … well, not quite. “War is hell” were his actual words. But there’s ample reason to believe that this prototypical warrior took the dangers of the marketplace seriously.
As CFEs well know, fraud is one such peril. And if it happens in Silicon Valley or another of the world’s R&D capitals, billions in legitimate profits can disappear. It’s enough to make anyone nervous about their intellectual property (IP).
Sherman, who initially had left the army for a business career that ran from real estate to banking to law, all with limited success, later said that he could more easily lead 100,000 men in battle than manage land in a speculative market.
And it was true. He re-entered the U.S. Army when war broke out in 1861 and led his troops to victory in the South. Before that, however, he had suffered from stress-induced asthma during the 1850s real estate frenzy in San Francisco, where he managed the West Coast branch of a Missouri bank.
In the volatile business environment of the Gold Rush, California land was seen as the key to great wealth, and people resorted to any means — fair or fraudulent — to get it. Then, as now, it wasn’t easy to lead a business in a cutthroat competitive environment.
CURRENCY OF IDEAS
Fast-forwarding to the 21st century, we see that today’s commercial frenzies often are less about land and precious metal than they are about marketable new ideas. For example, when developed into innovative consumer electronics, the right brainstorm can generate more profit than many a gold mine.
“Consider the iPhone,” says Jonathan Turner, CFE, CII, a principal of Wilson & Turner Incorporated, an investigative consultancy headquartered in Memphis, Tenn. “Before it revolutionized cell phones, they all had pushbuttons. Now it’s hard to find one of those. That’s how valuable the touchscreen concept was.”
No one wonder, then, that Apple and other businesses investing heavily in R&D get the heebie-jeebies at the prospect of someone stealing the design of their latest product before the company can bring it to market. You might think the best response would be super-tight security.
“Think again,” Turner says. “Before a new consumer product goes on sale, the manufacturer needs to find out how typical customers react to it.”
Toy makers, six to eight months before Christmas, put early models in front of test groups of kids to see which ones they play with, he says. That feedback determines what will be in stores just before the holidays. Likewise, the New York and Detroit auto shows introduce “concept” cars with radically innovative, sometimes outlandish, features. Some of those elements turn out to be so popular among show attendees that manufacturers add them to the next generation of cars.
“Sure, that market intelligence is beneficial,” Turner acknowledges. “But getting it involves exposing your valuable new designs to outsiders. In the IP world, the competition is for ideas, and once they get out, it’s impossible to put them back in the bottle. Even if you’ve patented your concept, a competitor can create a product that does the same thing in a slightly different way and doesn’t intrude on your patent.”
FACETS OF RISK
Turner recalls two instructive incidents Apple might prefer to forget — after learning from them, of course.
In 2010 and again in 2011, Apple employees field-testing as yet unreleased new iPhones inadvertently left them in public places. Outsiders soon found, examined and discussed them at length not only in the media but in the design labs of Apple’s inquisitive competitors.
“Everyone asked why Apple let these devices be taken out of the laboratory,” Turner says. “The answer is you don’t know how well it’s going to work until you put it in the field. So Apple told its employees to test the new phones in a variety of environments where customers would use them. In doing so, however, Apple took the risk that its competitors would see the devices before they went on sale. Thanks to such premature exposure, competitors often swiftly introduce a similar product.”
Still, product development and marketing people take that risk because they think the “real-world” feedback is worth it, Turner notes. He adds, however, that information security teams — more mindful of risk than of reward — might reject this approach.
“Various internal constituencies often have very different views on IP — what to do, why and how to go about it,” Turner says. “This is a normal, rational conflict that every organization must learn how to mediate.”
THE RIGHT BALANCE
There are up to 30 different constituencies inside the typical business, Turner says — executive-level management, several categories of divisional or mid-level departmental leadership and 10 to 20 categories of rank-and-file employees in functional areas. Each of these groups has its own perspective on how to capitalize on and protect the organization’s IP.
“In many companies, the legal department’s role is to mitigate risk exposures, and the easiest way to do so is to say, ‘You can’t do that,’ ” he notes. “In contrast, the development group wants to put its products in front of as many people as possible to determine which design nuances can turn their ‘okay’ idea into a market breakthrough.”
Finding the right balance between these approaches requires accepting certain shortcomings to obtain what you perceive to be even greater advantages, Turner says. The typical trade-offs? If an organization wants to field-test its products, it has to sacrifice some IP security and vice-versa.
News and analysis on the global fight against fraud.
Interested in contributing to ACFE Insights? Find out how you can become a featured guest blogger.
©2024 Association of Certified Fraud Examiners, Inc. All rights reserved.
Association of Certified Fraud Examiners, ACFE, Certified Fraud Examiner, CFE and the ACFE logo are trademarks of the Association of Certified Fraud Examiners, Inc.
Powered by Squarespace
