Quotable... |
''Society is always taken by surprise at any new example of common sense.''
-- Ralph Waldo Emerson
|
|
When the discussion of confidentiality of information comes up, typically the discussion revolves around the exposures created via computers, the internet, and all the related technology surrounding those types of things. Last month's Case-in-Point addressed these issues and ways you can protect data from a technology standpoint.
While technology can expose large volumes of data rapidly, it is important to remember we can lose or expose data the old fashioned way. Confidential data that is on paper and left in public places or in unsecured work spaces can also be used for nefarious purposes. Another way data can be exposed is through simple conversation. Discussions in the hallway or at lunch can potentially expose information or data that is protected by policy or statute. So while technology is important, don't forget to think about what is written or being said and who might be looking or listening.
Earlier this month, Robert Gottesman, our Information Systems Auditor, posted on the Internal Auditing website a white paper of best practices involving data protection. This document runs the gamut from the old fashioned ways we can lose sensitive data to the latest technological risks included along with what we believe are current best practices. We suggest you review this document and consider the protection of data with which you routinely work. If you have any questions, certainly, let us know.
As we see each month, the risks within higher education is vast and diverse. We again invite you to review the latest events within our industry and consider whether you have similar risks or opportunities for proactive management before the crisis occurs.
M. Kevin Robinson, CIA, CFE, CCEP
Executive Director, Internal Auditing
Information Security & Technology Events
Aug. 27, 2014: Women college students spend an average of 10 hours a day on their cellphones and men college students spend nearly eight, with excessive use posing potential risks for academic performance, according to a Baylor University study on cellphone activity published in the Journal of Behavioral Addictions. (link)
Aug. 22, 2014: A recent report from BitSight Technologies entitled "Powerhouses and Benchwarmers: Assessing Cyber Security Performance of Collegiate Athletic Conferences" has found that leading colleges and universities across the U.S. are at even greater risk of security breaches than the retail and healthcare sectors.
(link)
Aug. 21, 2014: Three high-level employees who dealt with Internet security for the North Dakota University System have been put on administrative leave following a server security breach last winter. At a State Board of Higher Education Audit Committee meeting Thursday, Lisa Feldner, vice chancellor for information technology and institutional research, said a workplace investigation revealed some employees didn't think server security was part of their job. (link)
Aug. 21, 2014: ULM says they experienced a data security breach on Tuesday when a employee's email account was accessed by an unauthorized individual. This security breach may have compromised the personal information of students who graduated from ULM in Fall 2013, and Spring 2014. (link)
Aug. 21, 2014: Northern Illinois University faced a storm of haterade from the Internet this week after several news outlets reported the institution had banned students from visiting a slew of popular websites while on campus, including Facebook and Wikipedia. But a spokesman for the university told The Huffington Post the rumors are "ridiculous." (link)
Aug. 19, 2014: New Mexico State University has determined that an on-campus theft of computing equipment in June included a laptop with a link to personal data on 171 students, a potentially serious compromise of vital information. The suspected thief, the university said in a letter dated Aug. 11 to the affected students, has been arrested and charged, but the suspect ''had disposed of the stolen laptop containing the personal information prior to being arrested.'' (link)
Aug. 15, 2014: Tammy Dickinson, United States Attorney for the Western District of Missouri, announced today that a former student at the University of Missouri-Kansas City has pleaded guilty in federal court to cyberstalking a faculty member. (link)
Aug. 6, 2014: A 26-year-old Brigham Young University student was arrested on charges of identity theft and computer crimes. Police say Gabriel Camacho stole personal information of his co-workers, other students and even professors at BYU and the University of Utah. It all started when Camacho was fired from his job when his employer suspected he had hacked into their computer system. Turns out, the employer was right and after authorities searched a flash drive Camacho left behind, they said they learned he had hacked into more systems. (link)
Aug. 6, 2014: Personal information of as many as 1,200 students, faculty and staff at Weber State University may have been compromised during multiple possible break-ins to computer labs. A WSU student was charged July 29 in the incident. The burglar broke in after-hours to the Science Lab Building and Building 4, said Bret Ellis, vice president for Information Technology. Ellis said he doesn't know for sure, but the suspect most likely broke in multiple times from January to April 2014. (link)
Fraud & Ethics Related Events
Aug. 22, 2014: Two managers of McLean-based Integrated Academics and a former admissions official for Strayer University have been convicted of conspiring to create fraudulent transcripts so that foreign students would appear eligible to retain their student visas in the United States. (link)
Aug. 21, 2014: A UNLV English professor is facing plagiarism accusations from a prominent higher education news website. Mustapha Marrouchi, dean's professor of post-colonial literature at UNLV, was accused of ''serial plagiarism'' in an article published by the Chronicle of Higher Education on Thursday. In the article, written by Chronicle editor Brock Read, Marrouchi is said to have a history of borrowing from other authors in his fiction, non-fiction and critical works. (link)
Aug. 16, 2014: Several University of Notre Dame students, including four football players, are being investigated over academic fraud allegations, the university said. (link)
Aug. 14, 2014: A West Liberty man is accused of stealing thousands of dollars from Cedarville University. The Ohio Attorney General's Office says Andrew Davis, 30, was arrested in Indiana Tuesday on safe cracking, grand theft and breaking and entering charges. (link)
Aug. 14, 2014: When he took the job as the new executive director of marketing at Southwestern Michigan College in 2011, Gregory DeRue recommended to school officials an Indiana marketing company to handle its TV, radio and billboard advertising. The problem was, according to an 11-count indictment filed in U.S. District Court, DeRue failed to tell his bosses at the Dowagiac college that he owned the marketing company, DMG Media, and then used it to defraud the school of more than $200,000. (link)
Aug. 13, 2014: A disgraced Flagler College vice president inflated the records of incoming students since 2004 --- far longer than had initially be suspected, according to a recently released investigation. When Flagler College went digging into the records of the former vice president of enrollment Marc Williar, they realized much of what they thought they knew about incoming students was wrong. (link)
Aug. 11, 2014: Employee fraud is expensive - it's estimated to cost $3.7 trillion per year, globally - but at least there's a relatively cheap, low-tech way to limit it: Fraud hotlines, it turns out, are remarkably effective. About 42 percent of fraud cases in 2012 and 2013 originated with tips, most often from employees, according to a recent study by the Association of Certified Fraud Examiners. Yet only half of U.S. organizations had hotlines; only 12 percent offered rewards to whistle-blowers. (link)
Aug. 11, 2014: A former Merced College employee accused of stealing $363,000 from the school entered a plea of not guilty during his arraignment Monday. Prosecutors say Joseph Bisinger used a fake janitorial company to charge Merced College for services that never took place over a seven-year period. The charges went back to November 2007 and continued through February. (link)
Aug. 11, 2014: Court documents indicate a security guard involved in 2013 altercation at Mount Royal University has admitted to stealing a memory card that a filed lawsuit claims contains footage of his involvement --- and that of his peers --- in an alleged assault of a pro-life activist.(link)
Aug. 9, 2014: A former student employee at Virginia Wesleyan College faces federal charges of accessing a school database of more than 380,000 students and alumni, stealing identities and opening credit card accounts. Katecha R. "Tisha" Thomas, 28, is accused of stealing $11,000 from the credit card accounts, and she tried to get as much as $142,000 but was stopped by a credit card company that suspected fraud, federal authorities said. (link)
Aug. 8, 2014: The San Joaquin County District Attorney's Office is accusing McKinzie Heavenly Harrison, who is also known as McKinzie Croney, with illegally using a credit card terminal at the college food court where she works to falsely "refund" funds from VISA and prepaid VISA cards onto her personal ATM and debit cards. (link)
Aug. 5, 2014: A former Framingham State University employee used a school-issued charge card to steal $110,000 to fund a cocaine habit, Attorney General Martha Coakley's office alleges (link)
July 31, 2014: Former Westfield State University president Evan S. Dobelle improperly used hundreds of thousands of dollars from school accounts to pay for such things as frequent personal trips, electronic equipment for personal use, and a portrait of himself, then covered his tracks by filing false reports, according to a scathing new report by the state inspector general. (link)
July 31, 2014: Gov. Jay Nixon has asked the University of Missouri Board of Curators to review rankings attained by the business school at the University of Missouri-Kansas City. An investigation by The Kansas City Star showing a trail of exaggerations and misstatements by the Henry W. Bloch School of Management that raised questions among university faculty and students about the validity of the rankings. (link)
Compliance/Regulatory & Legal Events
Aug. 27, 2014: A panel of judges ruled in favor of the University of Missouri System in an appeals case Tuesday, determining that course syllabi are exempted from Missouri's open records law because they are ultimately the intellectual property of faculty members. The National Council on Teacher Quality, a Washington, D.C.-based education group, filed a motion in October 2012 requesting the university disclose course syllabi under the Missouri public records law known as the Sunshine Law. (link)
Aug. 24, 2014: As thousands of students prepare to flood college campuses, the government's consumer watchdog is urging universities to disclose how much money they receive when banks promote debit cards, prepaid cards and checking accounts on their campuses. (link)
Aug. 23, 2014: The College of the Holy Cross has settled a lawsuit filed last year by former basketball player Ashley Cooper, who had alleged in her complaint that she was struck and verbally abused by veteran coach Bill Gibbons. (link)
Aug. 20, 2014: A former University of Kentucky professor faked invoices, made graduate students work for his private consulting business for free while he pocketed more than $1 million, and ultimately misused more than $400,000, UK officials alleged Wednesday. (link)
Aug. 20, 2014: A Fashion Institute of Technology graduate from New Jersey is suing her alma mater and Barnes & Noble for allegedly using her backpack design without paying her, according to a report from ABC. Diana Rubio, 33, of Carlstadt, claims she designed "The Everything Backpack" in 2010 while she was a student at FIT. (link)
Aug. 19, 2014: The U.S. Department of Housing and Urban Development announced Tuesday that it has charged Kent State University and four KSU employees with allegedly violating housing discrimination laws after they denied a student's request for a waiver to keep a therapy dog in a university apartment for emotional support. (link)
Aug. 19, 2014: The University of Tulsa is being sued by a woman who alleges she was raped by basketball player Patrick Swilling Jr. in January. Swilling was suspended for the remainder of the basketball season, but prosecutors declined to charge him and the university cleared him of any violations of the student code of conduct. He is not a part of the lawsuit. (link)
Aug. 18, 2014: Morgan State University has settled a lawsuit contending that it did not do enough to protect a student who was beaten by Alexander Kinyua just days before Kinyua committed a cannibalistic murder. (link)
Aug. 12, 2014: The U.S. Department of Education's Office for Civil Rights will investigate Johns Hopkins University over concerns as to how the institution handles sexual violence on campus, the school confirmed on Tuesday. (link)
Aug. 11, 2014: Kevin Parisi is 5 feet, 5 inches tall and barely weighs 120 pounds. He's hunched over and walking with a cane after back surgery earlier this year. He suffers from severe anxiety and digestive disorders, along with extreme allergies and panic attacks. But in his junior year at Drew University in Madison, N.J., Parisi was accused of forcing a fellow student --- one who is now a professional athlete --- to have sex with him. He was kicked off campus and placed under investigation. Three months went by before he was found "not responsible" in a campus disciplinary proceeding. Local police never filed charges against him. (link)
Aug. 7, 2014: The University of Colorado is moving to fire a tenured faculty member after the Boulder campus paid $825,000 this week to settle a graduate student's allegations that the philosophy professor retaliated against her for reporting she was sexually assaulted by a fellow student. (link)
Aug. 5, 2014: The College of Charleston fired men's basketball coach Doug Wojcik on Tuesday, the school announced in a statement. The firing comes on the heels of an investigation into allegations that Wojcik verbally abused his players and staff. School President Glenn McConnell labeled Wojcik's dismissal as "just cause pursuant to the terms of his contract" but did not comment specifically on the reasoning or note any abuse. (link)
Aug. 5, 2014: A three-year appeals process over a discrimination complaint that was originally filed a decade ago by a longtime University of Massachusetts Dartmouth English Department faculty member has now cost the university nearly $1.2 million. (link)
Aug. 3, 2014: Pretending to be students, Professor Katherine Milkman and her colleagues emailed 6,500 professors at 259 of the nation's top colleges and universities requesting a meeting to discuss research opportunities before applying to a doctoral program. Each message was identical. The only variables were the senders' names, deliberately chosen to suggest an ethnicity and gender (e.g. Brad Anderson, Lamar Washington, Latoya Brown, Sonali Desai, Mei Chen). Here are the results in Milkman's own words: Professors "ignored requests from women and minorities at a higher rate than requests from white males. (link)
Campus Life & Safety Events
Aug. 27, 2014: An article called "So you want to date a teaching assistant" has set off a furor at Western University, in Ontario. The article appeared in the special issue of The Gazette, the student newspaper, for new students. The piece described strategies such as Facebook stalking, dressing to attract T.A. attention, office hours visits, and so forth. Reaction has been intense -- most of it negative. The union that represents T.A.s at Western posted a response saying that the piece had essentially been "a guide on how to sexually harass another human being." (link)
Aug. 25, 2014: A former Saint Mary's College employee pleaded guilty Monday after he was accused of drilling holes to peep on students in dorm bathrooms.(link)
Aug. 23, 2014: The University of New Mexico women's soccer coach and 22 players on the team were ordered suspended on Friday over a hazing incident that landed one extremely intoxicated freshman athlete in the hospital last weekend, the athletic department said. (link)
Aug. 21, 2014: Temple University is investigating after a student reportedly attacked and made anti-Semitic remarks to another student at an event welcoming students to campus. (link)
Aug. 19, 2014: Greek organizations and other clubs must submit student recruitment plans in advance and have members participate in new training programs, according to guidelines released by Cal State Northridge on Tuesday. The moves come after a 19-year-old student died earlier this summer during a fraternity pledge hike. Armando Villa was walking with other Pi Kappa Phi pledges off Big Tujunga Canyon Road and passed out along the trail after they apparently ran out of water, according to his family and authorities. (link)
Aug. 18, 2014: The University of Alabama is investigating a Bid Day incident involving a social media post with racially offensive language. Chi Omega national sorority leaders say they've already kicked the responsible member out of the chapter. The photo, sent via social media app Snapchat, shows three white women with a caption using a racial slur seemingly celebrating that Chi O pledged no black women Saturday -- despite the fact the sorority actually pledged two. (link)
Aug. 14, 2014: Three years after the state spent $25 million to build a state-of-the-art laboratory at the University of Wyoming for researching and diagnosing animal diseases, the crumbling facility sits empty. The ceiling fell in, the walls are bowed and the drywall is cracked. ''It imploded,'' said Bill Mai, University of Wyoming's vice president of administration. (link)
Aug. 18, 2014: A University of Arizona fraternity has been banned after a string of violations that include underage drinking and hazing. Phi Gamma Delta, better known as FIJI, received word Monday that the fraternity is no longer recognized by the university. (link)
Aug. 12, 2014: The University of Connecticut has suspended a fraternity and two sororities for hazing, providing alcohol to people younger than 21 and conduct that endangers students. The Greek organizations were notified Monday of the university's action and have until Friday to file an appeal. (link)
Aug. 11, 2014: American universities are suspending programs in West Africa in light of the Ebola outbreak, and taking measures to ensure that no one comes back to campus with the disease. (link)
Aug. 7, 2014: The University of Mississippi's plan to further move past its Confederate ties by renaming campus streets and easing use of the "Ole Miss" nickname has angered some critics, who accuse the school of a wholesale erasure of the state's history. (link)
Aug. 7, 2014: The University of Minnesota wants the Washington Redskins to wear throwback jerseys without the team name or logo for the Nov. 2 game against the Minnesota Vikings being held at the college's stadium. (link)
Aug. 6, 2014: Syracuse University Chancellor Kent Syverud is not happy that his school is nationally recognized as the number one party school in America. The chancellor, who took over for Nancy Cantor in January, sent a stern email to the student body Tuesday condemning the Princeton Review's decision. (link)
Other News & Events
Aug. 28, 2014: As a result of changes to healthcare benefits stemming from the implementation of the Affordable Care Act (ACA), and in an effort to better control costs, many higher education institutions are passing more of the cost of healthcare along to their employees. (link)
Aug. 28, 2014: A tree planted in memory of a University of Canterbury history professor has been felled to make way for campus building repairs. The University Council found the "very unfortunate event" resulted in the removal of a red beech memorialising distinguished history lecturer, Jim Gardner. (link)
Aug. 27, 2014: A College of Coastal Georgia professor had warned students he would lower the grades of students who say ''Bless you'' after someone sneezes during class, a spokesman for the college confirmed Wednesday. But the ban on ''Bless you” was intended to stop class disruptions and is not a curb on freedom of speech or religion or any reflection of the professor’s religious or political philosophy, the spokesman said. (link)
Aug. 19, 2014: Trustees at many American colleges and universities abandoned the public trust and allowed standards to slip even as costs soared and public confidence in higher education declined, a report says. (link)
Aug. 14, 2014: The University of Illinois has rescinded the job offer of a professor who wrote controversial social media posts about the war in Gaza, according to documents released by the university Wednesday. (link)
Aug. 1, 2014: The University of New Mexico's chief lobbyist has resigned following his third arrest for allegedly driving while intoxicated. (link)
July 31, 2014: Members of the University of Virginia's board of visitors are considering a policy that would limit their own ability to speak freely about decisions the board makes, including when members disagree with those decisions. (link)
July 29, 2014: Homophones, as any English grammarian can tell you, are words that sound the same but have different meanings and often different spellings --- such as be and bee, through and threw, which and witch, their and there. This concept is taught early on to foreign students learning English because it can be confusing to someone whose native language does not have that feature. But when the social-media specialist for a private Provo-based English language learning center wrote a blog explaining homophones, he was let go for creating the perception that the school promoted a gay agenda. (link)
If you have any suggestions, questions or feedback, please e-mail me at robinmk@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports,
colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site at https://www.auburn.edu/administration/oacp.
If you have any suggestions for items to include in future newsletters, please e-mail Robert Gottesman at gotterw@auburn.edu.
Back to top
|