(Fortune) -- Now that the Madoff fraud has been exposed there are still a slew of fundamental questions outstanding.

How did one man, Bernard Madoff, run such a massive, self-described Ponzi scheme? Is it really true no one else was involved? How much money has really been lost? Is it $50 billion? And even if it is only several billion, how does someone burn through that much cash? Where did it go?

And then there's the heart-breaking question one of my elderly neighbors -- a Madoff investor -- asked me: "Will I ever see any of my money again?"

I have no idea, I told her sadly, maybe you'll get some, but you should assume that it's all gone.

Of course there are thousands of stories like my neighbor's. It's outrageous that someone like Bernard Madoff -- a former NASDAQ chairman -- could operate such a vast conspiracy right under the noses of the regulators.

Not long ago the Securities and Exchange Commission reportedly looked into Madoff's operation and found nothing wrong! Hell-oo?! Anybody home?! Did the SEC ask who the custodian of these investments was? I guess not. That's disgraceful negligence on the part of the SEC.

And what about the point that Madoff suggests he acted alone? Well, gee, how convenient! So he's saying that none of his employees -- or sons or other relatives who worked all over the firm at the highest levels -- knew anything about anything?

I say that for Madoff to perpetrate this fraud alone would have been next to impossible given the scale of the business.

And check out this note from a source: "I spoke with a friend today in Denver who used to call on them. [Madoff] had this separate activity for the 'hedge fund.' My friend tried to find out how to get into that part to get more biz from their firm. He was told that was run on a separate floor in a room to which only three people had access where the algorithms were running the money in this black box format." Note: Three people is more than one people.

What's truly scary about Madoff is that when you talk to people who were ripped off you think, there but for the grace of God goes me.

Professionals feel the same way.

This from the president of a fund of funds business: "Every time one of these frauds is discovered I get scared to death it could happen to us. We do lots of things to try to ensure it doesn't, such as checking and confirming auditors and auditor changes, using a private investigator to check on managers when we first invest and then having the PI annually update the file, trying to find references which are not on someone's reference list, etc." If big investors like these could be fooled, he said, anybody can be fooled.

So, bottom line, could investors have avoided Madoff? And what can you do to make sure you don't get suckered by the next smooth-talking, cheap-trick artist? Good questions.

What follows are some simple steps to crook-proof your portfolio. Forgive me if some of them seem elementary. But apparently a couple thousand people just lost many billions of dollars.

1. Don't invest in something you don't understand. The attraction of Madoff's investing philosophy was that he employed what is known as a "split-conversion" strategy.

OK. Stop right there. I would guess 99 percent of you reading this have no idea what that means. I didn't. I had to call a hedge fund manager who runs a very sophisticated computer-based derivative operation to explain it to me.

"It's not a magic bullet or a secret sauce," he told me. "It's no big deal, but there's no way to get the returns he did doing this strategy." After talking with him for a few minutes I can tell you this stuff is serious gobbledygook. Greek to us mere mortals. You want nothing to do with it. Avoid it like the toxic waste that it is.

2. There is no such thing as a free lunch. The beauty of Madoff funds is that they supposedly returned 1 percent a month, every month. Like clockwork. They consistently provided above-market returns with no volatility. They were just as safe as comparable funds, only with higher returns. Puh-leeze! That is a financial "push-me pull-you." An animal that doesn't exist.

3. Diversify. I know I know; that's Investing 101. Yet my poor neighbor had all of her retirement money in a Madoff fund. All of it. You just can't do that.

4. Don't stand for no or low disclosure. I was looking at my neighbor's "statements" from Madoff and they were ridiculous. Nothing in them. Just "balance at the beginning of period," "balance at the end" kind of stuff. Why bother with all the other numbers? What's the matter, you don't trust us? I did note the fund would only let her take money out twice a year. Nice.

5. Be wary of no-name operations. I'm not saying you couldn't lose your dough in a Fidelity or Vanguard fund or a Merrill brokerage account through fraud. But I will say it is much less likely. By many orders of magnitude. And if your money is in a bank under the FDIC minimum, well then, of course it carries a government guarantee. In the case of Madoff, folks would whisper, "I know this guy who does great. You've never heard of him, but he's better than everyone else." Yeah, right.

So there you have it. Yes, some of this is familiar stuff, but in these times, it bears repeating.

By the way, maybe the Madoff meltdown will actually get folks riled up to regulate hedge funds! Hedge funds are supposed to only be for "qualified investors" (read: rich people), but gradually more and more small investors have found ways to get in, either through fund of funds, or by other kinds of pools as in the case of Madoff.

I do think some of the investors in Madoff's funds should have known better. But many didn't know better.

Either way, here's the crux: What in heaven's name were they doing down at the SEC?