Now Tzvetkoff’s charges include gambling conspiracy, bank fraud conspiracy, money-laundering conspiracy and plain money-laundering. The main thrust of these charges is that he aided illegal online gambling enterprises in laundering that half-a-billion dollars into offshore accounts. Though banks prohibit internet credit card gambling, it is alleged that Tzvetkoff tricked them into accepting that the gambling deals were nothing more than routine business transactions. Having established his credentials in that way, he proceeded to utilise the automated clearing-house system to funnel millions of dollars between the United States and a network of firms in the British Virgin Islands. The FBI alleges that among his electronic correspondence it found messages that bragged how Intabill had hired computer experts to create distinctive websites for companies that would put anyone checking them out right off the scent. They would have no way of discovering the linkages between any of the firms involved.

If you feel there’s a chance that your business could have been unwittingly drawn into a dangerous web of intrigue like this, match cleverness with cleverness. Call in a team of professionals quickly. They’ll use advanced techniques like computer forensics to tell you exactly where you stand and what you need to do – fast.

It was one of the two young Australians involved, Anthony Prince, who was telling the nation his story. He’s recently completed a 4½-year prison stint in the US, where he and his accomplice were convicted in 2005. They were both 19 at the time and were on a working holiday in the famed ski resort of Vail, Colorado. “We didn’t really want to rob a bank,” Prince explained. “We were just talking about it … joking about how we could actually do it and then before we knew it, it just turned serious. You’d have to be retarded to think you can get away with it.” Arming themselves with replica pistols and wearing facemasks, they stormed the Weststar Bank – where they were regular customers – and stole $US132,000. They were wearing name-tags from the sporting goods store where they worked, and failed to disguise their stand-out Australian accents, which made it easy for the tellers to identify them.

Hours later, the pair went on a buying spree, photographed themselves in a public toilet posing with the stolen cash and then purchased one-way air tickets to Mexico. They were arrested at Denver International Airport and hauled off to court. Prince’s accomplice, Luke Carroll, was sentenced to 5 years because he pushed one of the female tellers to the ground and injured her arm during the robbery. You can’t help laughing, but when you stop, do consider calling in a professional team to scan your business for irregularities. Computer forensics is but one of the methods they’ll use to tell you what’s going on right under your nose.

Here are five key areas where you need to be alert to danger, often right under your nose, that could end up destroying your business whether it’s a large-scale or small operation. Threats can be internal or external, electronic or human – or a combination of each. In a global community, they can come from well over the horizon, and from angles you might consider least likely.

1. Know Your Company’s Strengths.
While there aren’t many business managers who don’t know where their profit comes from, a significant number will automatically assume that it is only the strengths that drive those profits that someone else might wish to steal. The two do not necessarily equate. What may appear to you to be a minor part of your production chain could be the missing link for a domestic or overseas competitor. To get at it, they might try to hack into your computer system or perhaps pay one of your employees to hand it over. These days, it’s unlikely to involve a page photocopied from a manual. It’s more probable that it will be available electronically and brought out on a disc, a portable USB drive, if not emailed directly. Make sure that if that missing link is a physical component – like a ceramic chip – you don’t unwittingly hand it over yourself when an overseas delegation visits your plant feigning interest in purchasing large quantities of your finished product. It is vital to know where you sit within the global system.

2. Know Your Employees and the Stresses and Strains They’re Under.
The global financial crisis might be only one reason why some of your staff members are desperate for cash. Many family breadwinners are under constant pressure to cover mortgage payments and school fees, while others might be driven by greed or envy to enhance their lifestyle at your company’s expense. Within your business, some will work in areas where they are custodians of your firm’s “crown jewels” and are fully aware of the value the latter have on the open market. You need to regularly update yourself on critical junctures in your company’s operations and who’s working close to them. If you have a multi-cultural workforce, you can’t overlook the possibility that a competitor (even one whose existence you’re unaware of) in the mother country will use that linkage as leverage to obtain what they’re after. In general, be particularly alert when employees are known to be disgruntled, or, for the best of reasons, others leave or are declared redundant. When employees depart, you need to review whatever they’ve had access to, whether electronic, hard copy or in the intellectual property domain. Watch your gamblers and drinkers like a hawk.

3. Physical Security.
Know who’s coming in and out of your firm’s premises. Some companies have no policy on visitors, whether friends, customers or prospective clients. Even inquisitive members of the public sometimes gain access through sheer gall and boldness. Consider the areas to which general staff access should be restricted. Don’t forget to screen your cleaners, caterers, as well as your security guards. Anyone who has access to your premises during or after working hours is a potential threat, either through accessing sensitive information or planting listening devices. Remember, while James Bond movies are usually “over the top”, we do live in an era of easy-to-use and readily available gadgetry. Consider having your premises regularly “swept” – both electronically and physically – by professionals who are aware of the latest tricks in the game. Moreover, don’t employ just any IT firm to service your equipment. Check them out before you give them unlimited access. Make sure your business isn’t like an international airport, where every effort goes into screening passengers and their luggage up front, while back doors remain wide open with baggage-handlers, security and cleaning staff, and tarmac technicians largely unchecked and unsupervised. Consider adopting a clean desk policy, much like intelligence agencies have, whereby anything sensitive is locked away at the end of the work day.

4. Electronic Security.
This is a huge area where every business should regularly seek professional advice on the sort of equipment installed and the ways in which it is used. Anti-virus software and firewalls won’t offer much protection against a concerted attempt to penetrate your operations. The latest examples of hacking – whether engaged in by experts or amateurs – continually remind us of how vulnerable every system is. Large volumes of information, whether client lists, sensitive data on customers, product designs or long-term strategic plans, can often be pilfered in a matter of seconds. Similarly, you may have a geek in your employ who knows how to get around any security measures you’ve put in place and vacuum up vital secrets for on-sale to the highest bidder.

5. Personal Security.
Most employees – through no fault of their own – will lack the sense of security with which you would hope they’re endowed. You need to regularly reinforce for them your company’s security requirements, and the best way to do this is to keep it simple. Start with a case like taking work home at night or over the weekend, especially on laptops, and how locking such things in the boot of the car if they stop at a restaurant on the way, offers no security at all. Teach by example, because association helps most people remember. Be wary of employees with loud voices; you can’t afford to have your company’s innermost secrets broadcast around coffee shops and on buses. Remember that the “need-to-know” principle, which customarily compartmentalises information inside your firm, also has another dimension. That is, the need to avoid constant repetition of key pieces of information – such as customer’s names, explicit details of contracts and company strategies – in telephone conversations and in general dialogue with work colleagues. This applies especially in public places. Without thinking, most employees will open up a conversation by regurgitating sensitive information that the other person already knows. Rather than saying, “You know that deal we have with XYZ, where we’re going to overcharge them by $100,000 … ?” can usually be easily replaced with, “You know that deal we spent all of yesterday working on together?” The old wartime phrase, “Loose lips sink ships” is both illustrative and effective. A good sense of personal security is a disposition, which is something you have to nurture in your employees.

The Good News: if you think all this sounds worse than the car-wash you’re immersed in every day (and often at night), consider a one-stop solution. Call in a team of experienced professionals that can audit your company’s operations from woe to go – technologically, as well as in human terms – and provide you with a detailed rundown on where you stand on the corporate espionage front. They’ll identify danger spots in your business, some of which will really surprise you, and present you with a range of solutions. They can also brief your employees in the process, especially on threats posed by mobile phones and social networking sites. Furthermore, they may in the course of their forensic examination of your business not only uncover cases of external penetration but also internal fraud and other crimes that you need to know about fast.

Remember, if you adopt this course of action, and in doing so brace up your own sense of security your staff will notice it quicker than you might care to imagine. The better informed you are seen to be, the more likely they are to trust you and follow your example.

The guilty New Zealander is investment banker Stephen Versalko, 51, who has just been sentenced to six years in prison for stealing $NZ18 million from his employer, ASB Bank. OK, that hardly ranks alongside Madoff’s billions and his 150 years in the slammer, but in a small community like New Zealand shame carries a lot of weight. Versalko’s prospects of ever running a business again are about as bright as Bernie’s. Details of the case revealed in court show how many warning lights were flashing. Two prostitutes received over $3 million from Versalko, while much of the rest went on wine, property and making interest payments to clients to keep the scam running.

The prosecutor described the fraud as the biggest employee theft in the country’s history – a classic Ponzi scheme in which investors received interest payments from their own capital or from newer investors. To top it off, Versalko was exposed when one of his 30 wealthy victims saw a TV documentary on Madoff and became suspicious. Versalko admitted that he felt he was Mr. Invincible.

Well, if you have no desire to learn of a crime committed right under your nose from a television program, and if you want to make sure there are no Mr, Ms or Mrs. Invincibles in your employ, call in a professional group now. They’ll use state-of-the-art technology and a host of sophisticated techniques to tell you not only where you stand now, but also to protect you in the future. It’s all legal, and if they do find something, they can provide you with the evidence you’ll need for prosecution.

‘Loose lips sink ships’ is an old wartime catchphrase that points to how most of this spillage occurs. Your staff talks without thinking and others pick up their banter. Bear in mind, surveys show 98% of users volunteer enough data for their identity to be readily stolen. How careful then, are they likely to be with your corporate secrets? Because advertisers increasingly use this medium to reach a mass audience, networkers perceive an aura of business legitimacy about it. But that’s only your ‘innocent’ employees. Think how much worse it is when they’re malicious. Even the FBI in the US, we now learn, is swimming in these same waters to track down a host of wrongdoers. Of course, FBI operatives are the goodies. Imagine the baddies targeting your operations?

If this frightens you, and it should – after all, your board would expect it to – call in a group of experienced professionals without delay. See how they can help you protect your business, or, to put it another way, fulfil your responsibilities. Their sophisticated methods, like computer forensics, stretch well beyond social networking and will throw up a range of other threats you may never have thought of. There are too many to mention, but fraud is commonly high on the list.

This scenario may well be exercising the minds of senior executives in Tokyo at Nomura, the Japanese investment bank that has only recently integrated the non-US assets of Lehman Brothers. That’s a lot for any python to digest and the last thing you want in the process is a burst in the seams. But early in March, Nomura’s head of equities in Asia, followed by the joint-head of fixed income, indicated they were stepping down. Then the bank’s head of telecoms, media and financial practice in India also left. Now Nomura’s been hit with its highest profile departure: its chief executive for Europe, the Middle East and Africa, who was actually the architect of the Lehman acquisition.

This is not to insinuate in any way that these high-calibre executives are “robbing the bank”. Rather, it’s to highlight the extreme danger that can confront a business when resignations – and especially sackings – take place. You can’t protect yourself after the event, but you can be proactive beforehand. The right professionals will equip your business with monitoring and analytical capabilities that not only detect fraud in standard times but also pick up variations that forewarn you of imminent departures. It’s state-of-the-art and fundamental to security. Ignore it at your peril.

Central to the Lehman case are its off balance-sheet trades, using devices like “Repo 105”, which enabled it to shift some $US50 billion off its books. These transactions, never disclosed to investors, rating agencies or regulators, are described by Valukas as “an accounting gimmick” and “window-dressing”, making the organization look healthier than it was. Some of his heaviest criticism is levelled at Ernst & Young, the Big Four auditor, for the role it played in Lehman’s bankruptcy, raising again the spectre of Enron and shonky accounts. One experienced US attorney has said that the idea that such a firm would sign off on all this is “absolutely incredible”. He stressed that the auditor had a public duty beyond its client to say to Lehman Brothers, no, you just can’t do that.

Then there’s the question of Lehman’s elite London law firm that also signed off on the controversial transactions. And all this against a backdrop of other major GFC failures, like the key ratings agencies that were missing in action when they were most needed.

Are you lost in this constantly changing business landscape? “Where can I find a reliable fixed point of reference?” If that’s your plea, then call in a group of independent professionals you can trust. Their sophisticated techniques in areas like financial and transactional analysis, fraud detection and computer forensics will help clear a safer path ahead for your business.

It’s not a pretty picture for a company that has long enjoyed a reputation for quality. But it’s a scenario that all business managers dread. Inevitably there’ll be a technical explanation, but the situation will no doubt have been exacerbated by well-known human and organisational failures. Somebody in the managerial food chain didn’t want things seen to be going awry on their watch; nobody was bold enough to warn divisional chiefs that trouble was brewing; nobody at the top had an independent means of reaching down into the company’s engine room to monitor reality for what it was, rather than what others wanted it to be.

That’s the lesson in all this. As a company chief, you can have your own eyes and ears. Bring the right professionals on board and they’ll apply techniques like transactional analysis and computer forensics to give you an accurate portrayal of reality. Is it wrong to second-guess your managers? Are you going behind their backs, or are you simply doing your duty? When is secrecy justified, and how do you cover it up in your company accounts? It can be tough at the top, but that’s what you’re paid for.

These, of course, are incoming threats. On the outgoing side, there are employees who divulge sensitive corporate information while on social networking sites. There, their idle banter can be harvested as public property and used in a way that may damage your company’s reputation, if not demolish public trust in your products and services.

Just how insidious social networking sites can be was brought home to Britons when the UK Justice Minister, Jack Straw, revealed in February that 30 Facebook pages had been taken down because prisoners were using them to taunt their victims. Facebook removed the offending pages within 48 hours. “It’s not that people at Facebook have a different sense of morality from us,” the Minister told the BBC. “They have the same sense of morality but they have to police hundreds of thousands of their sites, so what we have to do is set up a better system with Facebook.” He said he was reassured by the cooperation his department was receiving from Facebook as the government sought a longer-term solution “to this very modern version of the old problem of victim harassment.”

In January, it was revealed that one of the UK’s most notorious gangsters had used the site to threaten his enemies while serving a 35-year sentence in a maximum security prison. That underworld boss, who had helped plot the murder of two grandparents, sent messages to 565 “friends” after being transferred to a prison where he claimed that management had a liberal attitude to social networking. “I will be home one day,” he wrote in one message, “and I can’t wait to look into certain people’s eyes and see the fear of me being there.”

While this new networking medium can be highly beneficial to many businesses, there are ways of guarding against it compromising your corporate integrity. Anti-virus and anti-spam products simply can’t provide you with the protection you need, but there are comprehensive security packages that offer more. Far and away, it is best to call in a group of experienced professionals that can assess your company’s existing system, recommend the software you need, and while at it brief your staff on the danger points to watch out for. Remember, it’s your corporate information you’re aiming to protect – not simply your hardware and technology. A professional team can help you with all of this, using sophisticated techniques like computer forensics to provide you with a clear picture of what’s going on in your business and what has to be done.

A McAfee survey of 600 international technology executives (‘In the Crossfire: Critical Infrastructure in the Age of Cyberwar’, available at www.mcafee.com), released in January, helped wipe away any New Year complacency. It found that recession-driven cuts in spending on online security over the past 12 months had led to an increase in threats. The result was that more than one-third of those interviewed believed their sector was unprepared to deal with a major attack. More than half felt that the laws in their country were inadequate in deterring potential cyber-attacks, and almost half lacked any faith in their government’s capacity to prevent or deter them. One expert believes that consumers will increasingly bear the cost of online crime and security breaches as organisations seek to limit their exposure in an escalating battle against such attacks.

Art Coviello, president of EMC’s data security arm RSA, for example, has little confidence in government, pointing out that data security regulations have fallen way behind the internet age. He believes that government regulation on security should focus on outcomes and not on prescriptive measures. Data breach regulation is a great regulatory initiative because it does just that. It says, if you are negligent in protecting information, you need to publicly confess. He says it’s amazing what California has done to ensure that people do the right thing because they don’t want to be embarrassed. “Compare that,” says Coviello, “with prescriptive regulation like the obligation to encrypt this or provide that. That relies on the government having the kind of technological sophistication to keep up with the threats. What do you suppose are the odds that governments are going to move quickly enough? They can’t even update the laws for the internet age, let alone data protection. It’s much easier for government to say don’t let something happen and put the onus back on the organisation to protect its infrastructure however it sees fit.”

This, of course, is government acting in the legislative and bureaucratic sense. When you look at the electronic eavesdropping capabilities of most governments, the picture changes significantly. But that capacity isn’t necessarily geared to helping you. Rather, it’s devoted to intelligence gathering, whether on the political, economic or anti-terror fronts – and let’s not forget, sometimes on the commercial. As Paul Mah notes in an article in the Florida-based TechWatch brief (“Is cyber warfare the new corporate reality?”, January 29), in which he commented on the McAfee findings on infrastructure threats, “What I find deeply disturbing is the prospect of rooms crammed full of elite hackers working from multiple systems as they conduct round-the-clock cyber campaigns against less well-supported corporate entities.”

Today, he observes, it would be unusual to enter a corporate office and find staffers without access to a dedicated workstation. And most households in developed nations have more than one PC at home, which would likely have some kind of access to resources on remote corporate networks. “The chilling truth,” he says, “is this: a successful exploit on any one of these machines could potentially tear a huge security hole in a network. How can smaller companies stand a chance against the forces that foreign governments can bring to bear? Is the ability to protect against cyber attacks the new reality for corporations around the world.”

Michael Malin, executive vice president of Mandiant, a US information security firm, knows how serious the challenge can be. His company released a report in late-January that shed light on the ultra-sophisticated art of so-called advanced persistent threat (APT) attacks. Malin points out that, “once hackers are in, they don’t need to hack through again; they set up camp with a longer-term presence that allows them to move about the company freely and typically undetected.” Alan Shimel, CEO of The CISO Group, another US security firm, sounds a warning to all of us worried about cyber attacks. “From a security point of view,” he says, “there’s no magic bullet. Nothing is going to make you immune.”

There is another area which companies often overlook. Asked about how social networking affected data security, Art Coviello suggested it has become a key avenue of malware infection. “Not unlike the physical world,” he says, “if you have an infection like HINI virus (swine flu) and you go into a crowded nightclub, you’re going to spread that infection all across the nightclub. Hackers have found the social networks, and it’s very easy for you to pass on these pieces of malware across the social network environment. Our advice to organisations is that they ignore these phenomena at their peril, which is not to say ban them. To try to stop the proliferation is folly. To embrace it, but embrace it with a level of control, is the way to go about it.”

So, no matter which business sector you’re in you will in some way be vulnerable to the myriad dangers lurking in cyberspace. As with space-junk, even the smallest fragment can destroy your business operation, if not your company’s reputation as well. Here are three ways to be proactive and start protecting your company:

1. Know Exactly What You’re Up Against. The cyber challenge is not an ad hoc process, whereby you simply react to a perceived threat. It is constantly evolving and unrelenting in nature. You need to call in a group of professionals with a solid track record in such things as computer forensics, transactional analysis and fraud detection to map out for you not only the external cyber threats confronting your business but also internal vulnerabilities that make your organisation more susceptible to penetration than it needs to be. It’s a waste of time looking at one without the other. If you hire the right experts they will provide you with a thorough audit of your operations, the strengths and weaknesses of the electronic equipment you’re using and of specific danger spots in your business where human frailties and foibles beckon a hacker to “step this way”.

2. Plan for Ongoing Protection. While large corporations often have a security section devoted to the cyber challenge, most small and medium businesses don’t – nor can they afford to pay constant attention to it. Consider designating a staff member, whether it be your firm’s resident geek or someone else suitably qualified, to receive regular updates from the professional group you’ve called in and who can liaise with them as required. As CEO or manager you must be well acquainted – and be seen to be such – with every significant development in this security arena. As with a sense of corporate integrity, so too with security: it’s a disposition that starts at the top. Be prepared for occasional briefings that the professionals may choose to give to you, and you alone, in the first instance. Nowadays, cyber security is something that you need to stay on top of, as busy as you are. It is not something to be delegated and dismissed until a major executive decision has to be made. If you lack an informed overview your staff will pick it up quickly – and some may exploit it.

3. Think Big, and Outside the Square. Hardly any business can now isolate itself from cyber threats. No matter how insignificant a certain aspect of your business may seem to be, somebody in a vastly different place in today’s globalised system is likely to have a keen interest in knowing all about it. You don’t have to be involved in a major international tender process or in cutting-edge research and development to be targeted. A subcontractor or provider of component parts sometimes unwittingly offers the point of entry that someone else seeks. Equally, your company’s contribution to a larger process may be the missing link in a chain that someone else is trying to replicate. Don’t overlook the immense power that a foreign government’s intelligence apparatus has – whether electronic or human – if you possess something that’s vital to the growth of an industrial sector on the other side of the globe.

In short, don’t think you need to learn all this by yourself. The right group of professionals, especially with solid global and cross-cultural experience, can get you up to speed quickly – and keep you up-to-date. They can also brief your employees if necessary. Not to do this, is to make your business a “sitting duck”.