Quotable .....
“Life shrinks or expands in proportion to one's courage.”
-- Anais Nin
|
It is hard to believe we've reached the end of 2021. Here at AU, things were relatively normal for the latter part of the year and for that, we are thankful. We close 2021 with ominous warnings of new variants and hope those prove unwarranted over the coming weeks.
This marks the close of our thirteenth year of Case in Point. We appreciate those of you who take the time to read our publication every month. Also appreciated are the kind notes we've received throughout the year thanking us for this monthly effort. We hope our fourteenth year will continue to provide information to help you succeed in higher education.
Since we focus on risk each month in this publication, I thought I'd share some thoughts I've had lately on the topic. It appears to me that the pandemic has brought us to a place where a large segment of the population can no longer objectively assess risk. Perhaps it's the constant barrage of dire warnings, media hype, or even just the isolation that has occurred over the prior couple of years, but for some reason the ability to objectively look at risk and make intelligent decisions based on facts seems to be waning.
5 Random Thoughts I Have About Risk:
- Life is full of risk, and we will never eliminate it completely as either individuals or organizations.
- Both individuals and organizations that wisely assess risk and make intelligent decisions have an advantage over those who do not.
- It is okay to take risks. In fact, overly avoiding risk is a substantial disadvantage.
- Before taking a risk, objectively think about why it's a good idea to take the risk and why it might be a bad idea to take the risk. Related to this assessment, consider if there are things you can do to lower the risk.
- Security theater does not reduce risk no matter how much better it may make you feel.
We again invite you to review the various risks occurring across our industry with a view towards proactive risk management over your area. We hope you have a happy and safe holiday season.
M. Kevin Robinson, CIA, CFE
Associate Vice President
Office of Audit, Compliance & Privacy
Follow us on Twitter
Information Security & Technology Events
Dec 13: Ransomware: HR management platform Kronos has been hit with a ransomware attack, revealing that information from many of its high-profile customers may have been accessed. UKG, Kronos' parent company, said the vital service will be out for "several weeks" and urged customers to "evaluate and implement alternative business continuity protocols related to the affected UKG solutions." Kronos' work management software is used by dozens of major corporations, local governments, and enterprises, including: the City of Cleveland's government, Tesla, Temple University, Winthrop University Hospital, Clemson University, and UK supermarket chain Sainsburys. (link)
Dec 07: Phishing: Proofpoint researchers have identified an increase in email threats targeting mostly North American universities attempting to steal university login credentials. The threats typically leverage COVID-19 themes including testing information and the new Omicron variant. Proofpoint observed COVID-19 themes impacting education institutions throughout the pandemic, but consistent, targeted credential theft campaigns using such lures targeting universities began in October 2021. Following the announcement of the new Omicron variant in late November, the threat actors began leveraging the new variant in credential theft campaigns. (link)
Dec 07: Ransomware: Pellissippi State Community College determined that a network system outage appeared to be the result of a ransomware attack Tuesday. The incident has since been contained, and experts are currently working on getting the computer systems operational as soon as possible, an announcement from school officials stated. (link)
Dec 07: IT Compliance: There is a significant rise in regulations associated with IT systems and enterprise data. It is a mandate that IT professionals look after every aspect of these regulations, or else there is a possibility of heavy financial implication due to non-compliance. Let us accept one fact that compliance is a part of life for any organization, particularly those industry verticals, which are highly regulated such as financial services, healthcare, and government. The moment we mention the word compliance, it immediately resonates with legal, compliance, and risk teams. However, there is a considerable involvement of IT departments in ensuring adherence to the organization's compliance. (link)
Dec 03: Data Breach: For victims of crimes and those receiving medical care, the protection of one's identity, privacy and dignity is critical. As of Dec. 2, anyone with a Tulane University email address could access the Tulane University Police Department's unredacted Daily Activity Reports. The public DARS openly shared the names of victims, witnesses, reporting persons, those seeking medical attention and suspects who interacted with TUPD. The files were publicly accessible for nearly two years. TUPD was only made aware of their visibility yesterday evening and secured the documents on Dec. 3. (link)
Dec 01: Ransomware: Two community colleges were victims of ransomware attacks in the last week, the latest in a string of costly cyberintrusions at American higher education institutions. The latest institutions to be targeted--Butler County Community College in Pennsylvania and Lewis and Clark Community College in Illinois--remain closed as officials grapple with the aftermath of the attacks. Posts on a Lewis and Clark Facebook page make clear the scale of the attack as students vented about being shut out of their email, Blackboard, laptops and all other platforms requiring a college log-in. The incidents are part of a rising wave of ransomware attacks targeting American colleges and universities. (link)
Fraud & Ethics Related Events
Dec 14: China Initiative: Inside a Kansas City courtroom, Peter Zeidenberg is growing frustrated. The wiry, gray-haired lawyer isn't making much headway persuading a judge to throw out evidence obtained as a result of what he calls misconduct by the Federal Bureau of Investigation. His client, Franklin Tao, a former University of Kansas chemical engineering professor facing 20 years in prison, is furiously scribbling notes and passing them to his defense team. "They were looking for a spy, looking for evidence of espionage of trade secrets," Zeidenberg says, his voice rising in exasperation. But they found none, he says, because there wasn't any. "At the end of the day, they just have a conflict-of-interest form where the box wasn't checked." (link)
Dec 12: As a former Harvard Chemistry chair goes on trial on federal charges beginning Tuesday, law and trade experts speculated that his case's outcome could decide the fate of the Department of Justice's China Initiative. The professor, charged in January 2020 with making false statements to U.S. government officials regarding his involvement in China's Thousand Talents Plan -- and four subsequent tax-related felonies -- is the latest person to be brought to trial as part of the DOJ's China Initiative. The program, launched in 2018 under the Trump administration, aims to curb "trade secret theft, hacking and economic espionage." (link)
Dec 09: Occupational Fraud: A former East Los Angeles College dean has been charged with embezzlement after allegedly overbilling his employer for trips he went on, the Los Angeles County District Attorney's Office announced Thursday. The dean faces one felony count each of misappropriation of government funds and embezzlement of government funds. He allegedly overbilled the college about $1,575 for several hotel stays, and is accused of forging documents he submitted for reimbursement between March 2017 and 2019, officials said. (link)
Dec 08: Occupational Fraud: A long-time employee of the University of Lethbridge (U of L) has declared herself not guilty of defrauding the organization out of a significant amount of money. In March 2018, members of the U of L discovered fraud perpetrated by a fellow employee. The investigation by LPS found that the woman allegedly "abused her detailed knowledge of the financial systems of the U of L and falsified records to conceal the estimated theft of $580,000." (link)
Dec 06: Theft: A man has been charged with four felonies in a case where he is accused of breaking into property at York College and stealing a large amount of copper. The case began when an officer with the York Police Department responded to a possible break-in of a property owned by York College. The officer was advised by a college employee that he found approximately 750-1,000 pounds of copper (both new and used) to be missing. The officer was informed that the man's deceased brother had worked at York College and may have had keys to the building -- it was uncertain if the keys had been returned after the brother's death. (link)
Dec 02: Grant Fraud: Washington State University's (WSU) recent settlement with the HHS Office of Inspector General (OIG) for more than $800,000 followed a university-wide audit that occurred after a salary of a single NIH-funded principal investigator (PI) was suspected of exceeding an award cap, RRC has learned. WSU was one of two institutions in the Evergreen State to recently settle allegations related to grant fraud. In October, the University of Washington (UW) settled with the Department of Justice (DOJ), agreeing to pay $801,756 to resolve False Claims Act allegations. (link)
Compliance/Regulatory & Legal Events
Dec 14: Tuition Refund Lawsuit: Another class action lawsuit has been filed against Syracuse University, demanding the school refund students some of the tuition and fees it charged them for the spring 2020 semester that was interrupted by the Covid-19 pandemic. Shelby Poston, an SU student from Pottstown, Pennsylvania, is named as the lead plaintiff in the suit filed in state Supreme Court in Onondaga County. Nationwide, lawyers have filed more than 300 of these suits on behalf of students and parents demanding refunds of tuition for educations interrupted by the pandemic, according to a report in Inside Higher Ed. (link)
Dec 14: Title IX Lawsuit: Standing in a room full of football players this fall, the police chief for Utah State University told each young man to make sure that when he has sex that it's consensual -- especially if he's with a Latter-day Saint woman. SU police Chief Earl Morris warned the team that LDS women will often tell their bishop, when questioned about it, that sex was nonconsensual because it's "easier." They might be "feeling regret," he continued, for having sex before marriage, which goes against the faith's teachings of abstinence, so they'll say it was assault. (link)
Dec 13: Governing Board Lawsuit: Nearly a month after the end of a 34-day student protest at Howard University, a group of the school's alumni has filed a lawsuit accusing the campus of improperly excluding students, alumni and faculty from its board of trustees. The lawsuit, filed Monday in D.C. Superior Court, alleges one of the students' core demands -- a call to reinstate alumni, faculty and student affiliate positions to the university's governing body -- remains unmet. (link)
Dec 10: NCAA Compliance: A former Auburn men's basketball associate head coach violated NCAA ethical conduct rules when he accepted $91,500 in bribes from a financial advisor in exchange for impermissibly influencing student-athletes and their families, according to a decision released by a Division I Committee on Infractions panel. Additionally, the associate head coach provided inducements and benefits to two men's basketball student-athletes and their families. The men's basketball head coach failed to adequately monitor the associate head coach and did not promote an atmosphere of compliance. (link)
Dec 08: Sexual Misconduct Class Action: Allegations of misconduct by a disgraced Ottawa doctor were brought to the University of Ottawa "in or about" 1995 and were ignored, according to two sworn affidavits by former patients included in a class-action lawsuit against the doctor, the school, the on-campus clinics where he worked and company that managed them. According to court documents, both women, who are identified by initials A.M.C and C.E.G., and who know each other through a family member, allege the doctor sexually assaulted them at the University of Ottawa Health Services (UOHS) clinic on campus in the 1990s. (link)
Dec 07: Discrimination Lawsuits: Four years after the University of Iowa began vehemently denying allegations it discriminated against a student organization by punishing it for barring an openly gay member from becoming a leader of the group, the state will pay the law firm representing the student group nearly $2 million. In a pair of judgments from lawsuits that the Business Leaders in Christ student group -- known as BLinC -- filed against the UI in 2017 and that Intervarsity Christian Fellowship filed in 2018, the U.S. District Court ordered the university to pay a combined $1.93 million for attorney fees and damages. (link)
Dec 05: Wire Fraud: A Former Quinnipiac University professor and Carlton Highsmith Chair of Innovation and Entrepreneurship is accused of defrauding an investor of more than $1 million, according to federal prosecutors. The professor, who worked at Quinnipiac until 2018, was arrested Nov. 30 by officers from the Department of Homeland Security and charged with wire fraud, according to an indictment from the U.S. Attorney's Office for the Southern District of New York. (link)
Dec 02: Abduction/Sexual Battery: A professor at Liberty University is accused in the abduction and sexual battery of a student, according to the evangelical school and Lynchburg, Virginia, court records. Court records say the alleged sexual battery happened in September, while the alleged abduction by force happened on Nov. 19, the day before campus police arrested him. (link)
Dec 01: Shoplifting: An unlikely shoplifting suspect faces multiple counts. Gwinnett County Police booked a longtime professor of criminal justice at Georgia Gwinnett College on shoplifting charges on November 22. "It was definitely a surprise that he was a college professor and he taught criminology," said Gwinnett County police spokesperson Hideshi Valle. Authorities say he used the self-service checkout scanner, paying for a few items but walking away with others he never scanned. (link)
Dec 01: Sexual Assault Settlement: Columbia University announced a settlement Wednesday with dozens of women who say their former gynecologist abused them while he was their doctor. The $71.5 million settlement was reached with 79 women. Claims by dozens of other patients have not been settled. In 2014, New York State prosecutors filed criminal charges against the doctor for sexual assault involving six women. (link)
Campus Life & Safety Events
Dec 16: Police Surveillance: Katie Wilson went to Provo police six years ago to report that a man had sexually assaulted her. She was a student at Brigham Young University, but she didn’t talk to the school’s police force because it had happened off campus. So when she recently learned that her case appeared in newly released emails from a BYU police lieutenant to other school officials, she gasped. Suddenly, Wilson said, her conversations with an associate dean made more sense. The emails don’t show what information the police lieutenant may have shared after he used a restricted database to access Wilson’s case file in Provo. (link)
Dec 14: Racial Issues/Speech: The termination of a Fordham University professor reportedly stemmed from his repeated confusion over the names of two students who allegedly said they felt he was mixing up their names because they were Black.Former English department adjunct professor was terminated Oct. 25 and placed under investigation following a string of communications with his students attempting to explain the mistake, according to the university's campus paper The Fordham Observer. (link)
Dec 13: Sexual Assault: Two men with ties to the University of Florida and who have been recent subjects of separate sexual assault investigations were arrested after Gainesville Police Department officers determined there was probable cause to recommend charges. A 19-year-old Santa Fe College student and past social events chair of the UF fencing club was arrested Tuesday after admitting to police that he sexually assaulted an acquaintance over the summer. Another student was arrested in early July after police say he sexually assaulted a fellow UF student this spring. (link)
Dec 10: Campus Threat: Police have charged a 19-year-old student for allegedly planning an attack on the Embry-Riddle Aeronautical University in Daytona Beach, Florida. The Daytona Beach Police Department (DBPD) arrested the student on Thursday and charged him with written threats to injure or kill, terrorism and attempted first-degree homicide after he allegedly planned to "shoot up" the Embry-Riddle campus the day before the school's winter break, according to a Thursday news release. (link)
Dec 09: Campus Threat: A William & Mary student has been charged after he made a social media post about bombing the campus. The university said William & Mary Police were informed about a bomb threat made on social media on Dec. 8 and sent out an alert to campus just after 11 a.m. In addition to campus police, Virginia State Police and Newport News Police responded to the incident. (link)
Dec 06: Cyberstalking/Hazing: Seven members of Ole Miss' Pi Kappa Alpha fraternity, suspended from campus in November, were arrested Friday on cyberstalking charges, according to Lafayette County Detention Center officials. They are accused of sending harrassing emails and text messages to a former fraternity member who reported to the university hazing at the fraternity house in the fall, according the detention center officials. are accused of sending harrassing emails and text messages to a former fraternity member who reported to the university hazing at the fraternity house in the fall, according the detention center officials. (link)
Dec 05: Attempted Sexual Assault: High Point police arrested a suspect accused of burglary and attempted sexual assault on Sunday, according to the High Point Police Department. Around 6:15 a.m., officers with the HPPD responded to the High Point University campus when they were told about a burglary and attempted sexual assault. According to the warrants, the suspect broke into a dormitory and tried to "sexually attack" two women. He is accused of striking and shoving them. He is also accused of breaking into Smith Library and Wrenn Hall. (link)
Dec 04: Campus Threat/Student Death: A Florida Institute of Technology student who was reportedly wielding a knife at students on campus was fatally shot by officers Friday night, authorities said. Police officers and school security responded shortly before 11 p.m. to reports of a man on the Melbourne campus "armed with a knife and assaulting students," the Melbourne Police Department said. Officers confronted the man in a campus building "armed with an edged weapon," the department said. (link)
Dec 02: Hazing: Eight people have been arrested on various criminal charges after they were allegedly involved in a hazing incident at a fraternity at Georgia College and State University, officials said. One college student was hospitalized for alcohol-related sickness after an alleged incident of hazing on Nov. 10 at the Sigma Alpha Epsilon fraternity house in Milledgeville, according to The Union-Recorder. It said eight people were arrested and charged with supplying alcohol to minors, and one was charged with hazing. Both crimes are misdemeanors. (link)
Dec 01: Student Death/Fraternity Suspension: Michigan State University (MSU) and the Pi Alpha Phi national organization have suspended the university's fraternity chapter after alcohol consumption was suspected to have played a part in the death of 21-year-old Vietnamese American junior Phat Nguyen. Nguyen was one of four new recruits of MSU's Pi Alpha Phi fraternity, according to a Nov. 19 Facebook post by the fraternity. (link)
Dec 01: Campus Housing Conditions: The University of Georgia student came to campus this semester with everything she was told she'd need for her first semester of college, including an air purifier. The student, who lives in Hill Hall, and many others say they're often sick inside their dorms. They believe the illnesses -- intense coughing, severe sore throat, congestion -- are a result of substandard housing conditions from rooms that are improperly ventilated or old. (link)
If you have any suggestions, questions or feedback, please e-mail Kevin Robinson at robinmk@auburn.edu or Robert Gottesman at gotterw@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site.
Back to top
© Redistribution of this newsletter, with or without modification, is permitted provided Auburn University Office of Audit, Compliance & Privacy is listed as the source.