Learning from Société Générale

kerviel.jpgAs I’m sure you read about, by now, Jérôme Kerviel, a 31-year old trader at Société Générale, has been accused of manipulating securities trades. His alleged crimes, cost billions of dollars, which is a lot of money, but not damaging enough to shut down Société Générale.
What if this was your business and you lost $100,000? What if you lost $2 million. Would this hurt your business? I’m sure it would.
The WSJ writes More security makes accessing a system less convenient. It’s also expensive. So businesses often require passwords and call it a day. If there’s any good that comes from Kerviel’s escapade, maybe it’s that businesses will finally understand the difference between control and security. And maybe they’ll invest a little more in the latter.
What are some lessons we can all learn about combating employ theft and fraud in our own businesses?

1. Audit your records – financial, inventory and otherwise and audit them on a periodic basis. Have an independent company, or a 3rd party periodically review financial transactions, server logon attempts and other transactions for suspicious activity. Having your accountant and technical consultant work with you on this is important.
2. Implement strong and secret passwords to employees. Mr. Kerviel didn’t use some James Bond like moves to hack into his employers computer systems, he simply used passwords of colleagues. If the passwords were changed on a regular basis and if the passwords were not shared or known by others, Mr. Kerviel’s fraud might have never occurred.
3. Passwords are only one step in a multi-pronged set of steps to better secure your business. You also should consider implementing multi-pronged systems to protecting your business’ vital information. Passwords that change on a periodic basis and are kept secret by employees, are one leg. The other leg is implementing biometrics.
Biometrics do not have to be very expensive, but can be as simple (for starters) as using a finger print reader on USB key or built into notebook computers, in addition to passwords. If a password becomes known by someone who should not know it, this second layer of defense can help.
The final leg in this mutli-pronged security approach is a digital security card, as recommended in the Forbes article. In order to access a secure system, you would have to slidd the card into a card reader or input a number randomly generated by the card using a keyboard.
Of course systems like this can get very expensive, but depending on how secure you need to be, the investment might be worth it.
3. Know your employees. Even the best employees can appear to be “good at heart” but still steal from us or otherwise harm our businesses in some way. However, hiring the right people and creating a great business culture is a good start.
4. Training employees is a big part of good security as well. If your employees are trained in what to watch out for and how to be more secure – your entire business will be more secure.
Kevin Mitnick’s book, The Art of Deception illustrates how electronic theft can occurs, not so much by fancy hacking but by gaining trust of those with access and getting them to divulge information that can help a digital thief steal data.