Tender traps

Tender traps

Keep an eye on seemingly 'workaholic' staff as well as computer savvy employees who may exploit vulnerabil-ities in your system, warns celebrity investigator Julia Hartley-Moore. With technical expert 'Dave', she discusses how IT directors can help close the loopholes that allow fraud to flourish in the workplace.

Why was one Auckland business puzzled at the loss of a million dollars worth of goods a year? How did the rival business discover company secrets without having to bug their opponent's office? And how can staff easily pilfer cash when cameras and other security devices have been fitted?

Such is the world of the private investigator. But far from the glamorous world of Hollywood, of spies, secret lovers, millionaires and a raft of technical devices; here in New Zealand, the role of the private detective is apparently a little more mundane.

Living 40 minutes away from Auckland city, in a seaside suburb, is Julia Hartley Moore, who in the flesh looks almost as glamorous as her TV image, though she likens herself more to Agatha Christie's Miss Marple.

Fed a diet of CSI-type cop shows, you might think a world of technological devices exists to make investigation simple and easy - a bugging device here, a camera there.

Alas, thanks to the Privacy Act, Moore says her role is "incredibly boring" and rather than being Gumshoe, "Miss Marple is more my way of doing things."

"A lot of information is obtained from talking to people. That's where women have the upper hand, because we are non-threatening. Most people are happy to give you information. That's my forte, actually," she continues.

Indeed, New Zealand's Privacy Act forbids the use of much surveillance equipment like cameras, especially in public spaces. "We are the camera. We are the eyes," Moore explains

Her agency, Arbeth & Co, was formed in 1995 after an "interesting life" owning a stud farm in Waikato, transporting horses to Hong Kong, and working in the UK for Mohamed Al Fayed of Harrods. "I was married to a high powered businessman and saw a lot of white collar crime. It was a fantastic place to start," she says.

Since then, Moore has written two books, appeared on a raft of TV shows, and become an international expert on fidelity and a sought-after public speaker. Her business employs five staff and a range of contractors and contacts in forensics, computing and accounting.

The agency can deal with issues as diverse as retail security, warehouse security, credit card fraud, staff shrinkage, covert cameras, personal protection and security, computer forensics, company drug testing, handwriting and forensic document examination, employee screening and malpractice, as well as keeping tabs on errant spouses.

Moore, together with her technical expert, whom MIS was asked not to identify, so we shall call him 'Dave', say the most important thing any employer can do is check references to ensure their staff are honest - an issue particularly important for IT executives whose 20-something staffers probably know more about IT systems than their bosses.

"It's easy to be a crook in New Zealand. Kiwis take people at face value and very few companies or owner-operators thoroughly check references and CVs," she says.

Despite today's technological world, Moore and Dave believe understanding human nature is far more important than technological knowledge. Consequently, they plan to run seminars on this topic, along with loss management and prevention of computer fraud and misuse.

Both believe in the "10-80-10 rule" which means 10 per cent are regular crooks; 10 per cent will never steal, while the remaining 80 cent will, depending on the opportunity and the risk of being found out.

"If you are going to employ someone, especially if there is interesting stuff to steal, the first thing you need to do is get permission from the prospective employee for a series of background checks. If they are not happy for this to happen, you have to ask yourself why? Because when you have nothing to hide, you hide nothing," Moore explains.

Dave warns corporate fraud is "rife" and open to computer savvy staff that will find vulnerabilities in any system. Computers also store vital data, such as a highly secretive project that may give a business competitive advantage, so it is vital that staff with access to such information are thoroughly vetted.

He has investigated companies that have planted personnel (sometimes long-term) with a competitor aiming to steal information on a new project or product.

Sweeping bugs

Once, an overseas client that was suffering information leaks had its meetings rooms swept for bugs when the problem was actually an employee planted by a competitor.

"I'm not saying that bugging is not used but for the number of sweeps carried out, the number of positive hits is minimal and why would you go to that extent when you could use key-loggers to obtain passwords and short-term implanted staff to obtain information?" he points out.

Arbeth & Co often uses email tracing in company fraud investigations. Thus, Dave advises businesses to be vigilant, not allowing the transfer of files above a certain size, having levels of authority over information or ensuring certain documents are encrypted so they cannot be read outside. Firms should also have policies over what email can enter or leave the business, and email should be archived for a long time.

Moore and Dave says the use of keystroke logging devices, such as the Christchurch-made Keyghost, that fit behind the back of a PC and records what is typed, are useful tools for IT managers if they suspect inappropriate use of computers.

"These devices are ideal, especially with IP," explains Moore. She adds these can help confirm whether a suspected employee is passing on information to an outside source. They can also be used by parents who wish to know what their children are up to in chatrooms and in checking on errant spouses and their email traffic.

On the reverse side, a key-logging device can easily be used against you. They only take minutes to install and are invisible against the myriad of wires and ports. Each key-logger can hold up to two million keystrokes, are easily removable and the information downloaded into any computer and then re-installed in seconds.

Arbeth & Co also sends people to work under cover in businesses. One case involved the misuse of computers and scanners in a large distribution company. The investigation unexpectedly revealed that both internal and external contractors were involved. Some staff were immediately dismissed and many others failed to turn up for work ever again.

Some time later, Moore received a phone call from the boss of a similar business, who reported the very same problem with shrinkage. The conversation revealed similar methods were being used and when investigated by Moore, the same people who had left or were dismissed by the previous firm, were involved.

Moore says it was interesting these people had made themselves virtually irreplaceable to their new employer by working long hours and taking on extra responsibility. This was, of course, a cover for their fraud and had he checked them out thoroughly, the situation would never have arisen.

Arbeth & Co can look at company procedures, seeing how such frauds might occur and then close down 'loopholes', which more often than not results in staff moving on as the opportunities for fraud or theft are closed down and easier pickings are available elsewhere.

"It's only when systems can be bypassed that you get the problem," continues Dave, adding they are only as good as management are prepared to make them.

Often businesses will have the equipment but never use it, such as the liquor store that had video cameras mounted over the till but no film in them, making them useless unless someone was monitoring them from a nearby office.

Checks and balances

Random checks had revealed more money in the till than registered - caused by staff ringing up $5 for a $10, but had not yet taken the money out. "'Overs' are more of a sign that you are being done," Dave says. "Staff will know the game and how to play it," Moore explains.

Recently, one employer asked a staffer why she had been taking money from the till and was told, "Because you do it, without putting a receipt in. What's sauce for the goose is sauce for me."

More common workplace 'fraud' include theft of company time, or making private telephone calls in work time, "not doing an honest day's work for an honest day's pay".

Software programs can monitor such activities and even if a staffer has something on a computer they shouldn't, like porn, or evidence of some non work-related activity (like running a rival business in work time), it can still be traced, even when deleted.

"Nothing ever gets lost and computer forensics people can go in there and find anything even if you delete it. Back-up files on servers are readily available," Moore explains.

Once again, much of this comes down to human nature and staff showing you who they are right from the beginning, she continues.

The growth of the internet brings all types of fraud, from would-be brides from offshore seeking lonely but gullible old men, to identity fraud.

"People do find love on the internet but that's the exception, not the rule. People accept words at face value. Someone flatters you and you think they're a nice person when you don't know them from a bar of soap. But conmen will always be nice, that's their job," Moore warns.

"The internet speeds up relationships 10 times. You cut to the chase pretty quickly. When lonely people meet these potential suitors, they are not physically attracted to them, but because they have given away so much of their lives, they feel a connection," Moore explains. Young people are as vulnerable as adults and parental guidance and vigilance are important.

Moore also sees a link between such "emotional fraud" and "financial fraud".

"If someone cheats on their marriage, if they can do it to someone they love, they can sure as hell do it to their boss. Often, where there's an emotional infidelity, you will find financial infidelity - ripped off wives or husbands. Such behavioural traits will persist elsewhere," she says.

While this does not necessarily mean never employ love cheats, firms might need to be aware of their circumstances, Moore concludes, because such traits are "human nature".

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments