Case in Point:
Lessons for the proactive manager

As someone who has spent their career assisting in risk related activities in the higher education environment, I can recall several times where the topic of pandemics would show up on some risk assessment or heat map. Honestly, to me it was one of those risks that while certainly possible, I never really expected to experience. Then came COVID-19.

This publication has become widely distributed across higher education not only within the United States but also at many international institutions. As a result, I attempt to write for a wide audience. However, I feel compelled to briefly give kudos to Auburn University President Jay Gouge and his leadership in preparing our institution for this event.

I recall sitting in the President's cabinet meeting in January 2020, and Dr. Gogue mentioning the COVID-19 issues occurring in China. He went on to ask the AU Cabinet to being working on an operational plan should we have to carry out our mission remotely for 30 days. Little did I know in January how prophetic this instruction would become over the next two months. We have been very blessed at AU with visionary leaders throughout the executive leadership team here at AU. I hope your experiences at your institutions have been similar.

So what does one write about in the midst of a global pandemic? Honestly, I have no clue, but I thought I would share five things that came to mind.

1. If you are working remotely, find a routine that works for you. One person told me that they still get dressed and ready just as if they are going to work in their office every day. They have found this helps them gain the right focus to still be productive in this new world.
2. Take a break. It is okay to take a short walk (with appropriate distancing or by yourself). This is all new for us and sometimes stepping away for a few minutes can result in much more productivity.
3. Do not hide on video conference calls. Most of us miss interaction with our colleagues, and I think we all miss something when looking at a non-video participant on these calls. Sure, it is weird, and I hate looking at myself on the screen, but it is the hand we have been dealt at the moment. We should maximize the interactions we have even if only on a video call.
4. Use any down time for personal growth. Get better during these days by improving not only technical knowledge, but also person growth, leadership, emotional intelligence, management, communication, etc. Find an area you want to improve on, and use the time you have to capitalize on it. This is probably more valuable than watching Tiger King on Netflix.
5. Do not forget that protecting data and information is still important. The privacy laws governing information and materials you may be accessing or using remotely are still in place. Remember that and make wise security and privacy decisions.

One thing that has occurred during the pandemic is an increase in phishing emails and attempts to comprise systems, not only in higher education, but also in virtually all industries. Jim O'Conner, VP for Information Technology at AU, and his team wrote some excellent suggestions for AU employees regarding phishing. These are presented with his permission with some with slight modification so they relate to any institution or organization.

I hope that a few of the items in this month's column are of some use to you. Even more so, I hope that when you hear from us next month our world will be returning to normalcy. In the meantime, please look at the issues occurring across higher education with a view toward proactive management. As always, we welcome your comments and suggestions.

M. Kevin Robinson, CIA, CFE
Associate Vice President
Office of Audit, Compliance & Privacy
Follow us onTwitter

Information Security & Technology Events

Mar 25: Online Classes: Saboteurs using "racist and vile language" infiltrated and disrupted online classes held by the University of Southern California, the school's president disclosed Wednesday, the latest incident in a trend some have dubbed "Zoombombing." Zoom is a videoconferencing tool that many colleges and universities are using to help finish their semesters through remote teaching, after the coronavirus pandemic put a halt to in-person classes. (link)

Mar 25: Privacy: Most colleges and universities across the country have pivoted to remote learning in an effort to stem the spread of the novel coronavirus sweeping the globe. While the sudden change is necessary, some privacy experts worry about the unintended consequences. Ensuring the software colleges are now using doesn't violate the Family Educational Rights and Privacy Act, or FERPA, is one key issue, according to Amelia Vance, director of youth and education privacy at the Future of Privacy Forum. Another issue is the potential for increased surveillance of students as colleges switch from in-person classes to virtual ones. (link)

Mar 21: Data Breach: Some University of Utah Health patients' personal medical data, including medical record numbers, dates of birth and limited clinical information, was hacked after employee emails were compromised, the hospital said on Friday night. Officials said as of Friday, there was no indication patient information had been misused. On Feb. 3, officials found that a common malware may have been put on an employee's workstation, which was then secured by U of U Health, and an investigation was opened into this incident. (link)

Mar 17: Data Breach: Personal and tax information for more than 1,700 current and former employees of the College of DuPage may have been impacted by a recent data security breach, officials at the Glen Ellyn school said Monday. President Brian Caputo said officials believe it's unlikely the information contained in the 2018 W-2 forms of 1,755 current and former COD employees was obtained or used for fraudulent purposes. (link)

Mar 06: Data Breach: After an investigation of a Dec. 2019 data breach, a "leading computer forensic firm" found that a server that was compromised during the breach contained names, email addresses, dates of birth "and, in some cases, Social Security numbers," of former and current Wichita State students, faculty and staff, according to a university statement. David Miller, interim chief information officer, said in his statement that all affected individuals would receive a letter to their home address. (link)

Mar 08: Cyber Attack: The University of Kentucky and UK HealthCare conducted a major reboot of their computer systems early Sunday morning in an effort to end a month-long cyber attack that university officials say is the most substantial cyber intrusion in university history. The unidentified "threat actors" infiltrated Kentucky's largest university system in early February from somewhere outside the United States and installed malware that utilized UK's vast processing capabilities to mine cryptocurrency, such as Bitcoin, said Eric Monday, UK's executive vice president for finance and administration. (link)

Mar 02: Data Breach: A Metro Vancouver university has sent out an alert that a data breach has taken place at the institution. Simon Fraser University (SFU) states on its website that a privacy breach was identified on February 28. Information that was exposed includes SFU Computing IDs; SFU student or employee ID numbers; first, last, and preferred names; birthdates; employee groups; mail list memberships; course enrollment; external email addresses; web form data; and encrypted passwords. (link)

Fraud & Ethics Related Events

Mar 19: Conflict of Interest: An investigation into the University of Texas at Arlington found improper financial relationships between a school administrator and a private vendor that helped the school provide an online nursing program. The investigation, conducted by the consulting firm Protiviti, also found that outgoing UT-Arlington President Vistasp Karbhari took at least two international trips with executives from the vendor company and allowed the vendor to push for expedited enrollment processes that let under-qualified students enroll into the school's online nursing program. (link)

Mar 19: Falsifying Grant Reports: Eva Lee's work on modeling mass disease outbreaks is so well-known that the U.S., China and Singapore have sought her help in fighting COVID-19. At the same time, her employer, Georgia Tech, has banished her from campus and locked her out of her university email account. Lee is a brilliant computer modeler. Lee, 55, is also an admitted felon, although her attorney questions the prosecution of her. In December she pleaded guilty in U.S. District Court to falsifying the annual report behind a $40,000 National Science Foundation grant and then lying about it to investigators. (link)

Mar 10: Fraudulent Leave: A former West Virginia University professor admitted to a fraud charge involving WVU, the Department of Justice said. Dr. James Lewis, 54, or Fairview, pleaded guilty to one-count information charging him with "Federal Program Fraud," according to the DOJ. Lewis was a tenured professor at WVU in the physics department, specializing in molecular reactions used in coal conversion technologies from 2006 to Aug. 2019. "Lewis defrauded a public university into giving him leave, so that he could satisfy his competing obligations to a Chinese institution, which he hid from the school," said Assistant Attorney General for National Security John C. Demers. (link)

Mar 06: Theft: A man is in custody after police say he stole more than $12,000 worth of equipment from the University of Iowa Hospitals and Clinics. Stuart Sellers, 45, is facing charges for 3rd-degree burglary. According to court documents, prosecutors charged him with 11 counts in February. He is also facing theft charges. Sellers allegedly went into hospital offices without permission on Feb. 4 around 3:30 a.m. Police say he took personal items and office equipment from 12 different offices. (link)

Mar 04: Academic Cheating: The University of Alberta has charged 40 students from two introductory computing science courses with cheating. In a Feb. 28 letter to computing science students, the university said the students, from the fall term, "face significant sanctions." The U of A warned it would continue to screen all student assignment submissions and "any students found guilty of cheating will be charged." Eerkes said students caught cheating face a range of sanctions -- from being assigned a zero on an assignment and a grade reduction to failing the class, a reprimand that goes on their record, suspension, and, for repeat offenders, expulsion from the university. (link)

Compliance/Regulatory & Legal Events

Mar 27: Sexual Harassment Settlement: The University of Rochester (U of R) is paying $9.4 million to settle a high-profile sexual harassment lawsuit that divided an esteemed department, landed two of the plaintiffs on the cover of Time magazine, and was closely watched by other institutions of higher education. The plaintiffs announced the settlement today as they issued a joint statement with the university. The lawsuit, filed in December 2017 by nine now-former professors and students in U of R's Department of Brain and Cognitive Sciences, alleged that the university retaliated against and defamed them after they alleged sexual harassment by linguist Florian Jaeger. Three plaintiffs also alleged that Jaeger created a sexually hostile environment. (link)

Mar 26: Title IX: The Office for Civil Rights is holding Penn State accountable for failing to protect students and address their sexual abuse complaints after the office launched an investigation into the university following the Jerry Sandusky child sex abuse case, according to a press release from the United States Department of Education. Penn State must now provide "individual remedies" for students whose complaints were handled improperly or inequitably, as determined by the OCR. (link)

Mar 23: Title IX: Title IX hearing delays are just one consequence of the nationwide scramble to move college operations online at a moment's notice. Officials must figure out what to do about their open sexual-assault investigations and ensure that students still have a way to report misconduct that occurs while they aren't going to in-person classes, like online harassment. (link)

Mar 18: Sex Crimes: Authorities arrested an employee of the Cape Fear Community College earlier this month, charging him with four felony sex crimes against children, including a 12-year-old male victim. Justin Louis Stermer, 28, was arrested on Friday, March 6, by detectives with the New Hanover County Sheriff's Office (NHCSO). Stermer was hired by CFCC in 2015 as a part-time stage worker and was promoted to production manager in 2018. He is currently suspended. (link)

Mar 12: Sexual Assault Allegation: A UCLA cardiologist should have his medical license revoked for sexually assaulting a fellow doctor while he was working at L.A. County-USC Medical Center, according to an administrative law judge. Dr. Meena Zareh said Dr. Guillermo Andres Cortes forcibly kissed her, stuck his tongue in her mouth and penetrated her vagina with his finger in a call room at the Los Angeles County Department of Health Services' flagship hospital in November 2015. Zareh "proved by clear and convincing evidence" that Cortes assaulted her, according to a decision by Administrative Law Judge Thomas Heller last month. Cortes' medical license should be stripped for "unprofessional conduct" as a result, Heller wrote. (link)

Mar 11: Negligence Lawsuit: A Chautauqua County woman is suing Syracuse University after she sustained permanent injuries when she tripped and fell on a sidewalk at the Schine Student Center. The case, filed Tuesday morning in Chautauqua County Supreme Court, alleges that Claudia Riley sustained "severe and permanent injuries" as a result of SU's carelessness and negligence. SU knew about dangerous conditions at the building when Riley tripped in July 2017, the suit alleges. (link)

Mar 10: Discrimination Lawsuit: A new lawsuit was filed in Wayne County (Michigan) Circuit Court by former Michigan State assistant and recruiting coordinator Curtis Blackwell on Tuesday. The suit alleges that he was discriminated against upon his firing and that representatives of the program secretly recorded closed practices of at least one upcoming, out-of-state opponent. According to Detroit News, Blackwell is claiming breach of contract claim and violations of the state's Elliott-Larsen Civil Rights Act. He is already suing Michigan State and former coach Mark Dantonio in federal court. (link)

Mar 09: Overcharging Students: A new state audit called out UF's practice overcharging students to apply to the university and attend freshman orientation. In response to the violation of state law, UF reduced its fees, but it's still unclear if students will be refunded. In addition to student fees, the audit found three other instances where UF violated state guidelines by exceeding severance payments, failing to cancel former faculty's purchase cards in a timely manner and lacking a disaster recovery plan for UF Information Technology in case of a hardware or system failure. (link)

Mar 09: NCAA Violations: Following the conclusion of an investigation involving its former head men's basketball coach, Siena College has been notified of four Level II NCAA violations. The College initially conducted its own separate investigation with the assistance of outside legal counsel, and self-reported to the NCAA as it became aware of potential violations. The NCAA acknowledged as mitigating factors Siena College's prompt response, acceptance of responsibility and imposition of meaningful corrective measures, affirmative steps to expedite final resolution, and absence of prior Level I or Level II violations. (link)

Mar 07: Open Records Law: A judge has ruled the University of Colorado's Board of Regents violated the state's Open Records Act in refusing to release the names of the six semifinalists for the job as the system's president. The board refused a request for the information filed by the Daily Camera newspaper in Boulder and the newspaper filed a lawsuit last September. (link)

Mar 06: Rape Charge: A Bridgewater State University professor has been suspended after he was charged this week with raping a female student inside his office at the college back in October. Nicholas R. Pirelli, 36, of 46 Cliffside Drive, Plymouth, was arrested Wednesday by the Bridgewater State University Police Department in connection with an alleged rape that occurred on the campus on Oct. 20, 2019. A female student, who is not a student of Pirelli's, told police that she had met him last October through the website seeking.com, which matches "sugar babies" and "sugar daddies," according to court documents. (link)

Mar 06: Sexual Abuse Lawsuit Settlements: Ohio State University announced Friday it has settled 11 of the 18 lawsuits that were filed against the school by some 350 men who charged they were sexually abused by Dr. Richard Strauss. OSU did not disclose how much money it agreed to pay out, but in a press release it said the funds would be allocated by an independent special master "on an individual basis based on the harm and damages experienced by each survivor." (link)

Mar 06: Child Sex Crime Charge: A man recently charged with a child sex crime provided massage services to some University of Kansas women's athletic teams since 2015, the school's chancellor and athletics director said. Chancellor Doug Girard and Athletic Director Jeff Long said in a statement Thursday that they were "deeply troubled" by initial findings of an internal inquiry into massage therapist Shawn O'Brien. O'Brien, 48, of Lawrence, was charged Feb. 21 with one count of indecent liberties with a child after a girl accused him of touching her sexually seven or eight years ago under the guise of a "massage." (link)

Mar 04: Admissions Scandal: A judge on Tuesday ordered USC to turn over sensitive internal documents to Robert Zangrillo, a Miami investor charged with securing his daughter's admission to the school through fraud and bribery. The ruling by U.S. Magistrate Judge Page Kelley was a victory for Zangrillo, whose defense hinges on the theory that USC routinely shunts the children of donors and prospective donors into a "VIP" pool of applicants, who are more likely to be admitted than students who apply through the standard process. (link)

Mar 03: Age Discrimination Settlement: The University of Kansas has settled an age discrimination lawsuit brought on behalf of a former employee who said he was ousted in retaliation for raising the alarm that his department was told to fill job openings with mainly millennials and other young people. Under a consent decree agreed to last week with the Equal Employment Opportunity Commission, which filed the lawsuit on behalf of former school employee Jeffrey Thomas, the university pledged to not discriminate against job applicants or employees based on age and to give Thomas $144,000 in back pay and damages, KCUR-FM reported. (link)

Mar 02: Theft & Trespassing: A Johns Hopkins University Campus Security employee was apparently behind multiple recent reports of theft and trespassing in the Charles Commons Residence Hall. In a safety alert sent to all students and staff, Campus Security said the employee has been identified and confessed to the crimes. According to the University, the employee has been fired and banned from all Johns Hopkins University properties. (link)

Mar 02: Title IX Lawsuit: Over the last year, students at the University of Nebraska-Lincoln have pointed to what they say are systemic failings in how the university investigates and addresses instances of sexual misconduct on its campus. A lawsuit filed by an unnamed woman last week in Lancaster County District Court echoed the concerns of Dear UNL members, charging the university acted with "deliberate indifference" after she reported being drugged, raped and later stalked by another student in the fall semester of 2018. (link)

Mar 02: Sexual Misconduct Policies: The University of Texas at Austin will make termination the "presumptive punishment" for employees who commit sexual assault, sexual harassment, stalking or interpersonal violence, and it will make available to the public information about those not fired for the four offenses. The planned policy changes come after an external law firm hired to review the flagship's sexual misconduct-related policies delivered recommendations to UT-Austin President Greg Fenves. (link)

Mar 01: Title IX: A Ohio University student filed a lawsuit against the university and a former football player from Cleveland, saying the player sexually assaulted her and that university officials knew about the abuse but did nothing meaningful about it. The woman, identified as "Jane Doe #1," was the victim in a criminal case Amir Miller faced in Athens County Common Pleas Court. Miller, 22, pleaded guilty Feb. 7 to felony menacing by stalking and entered a diversion program. The lawsuit alleges violations of Title IX, a federal law that protects people from sex discrimination in higher education. (link)

Mar 01: DUI & Misconduct: An officer with the University of Cincinnati Police Department (UCPD) was suspended following his arrest for operating a vehicle while under the influence of alcohol (OVI), leaving students questioning their safety on campus. Following a history of misconduct and a Jan. 26 OVI arrest by Ohio state troopers, UCPD Officer Andrew Mueller's police powers have been suspended. Mueller has a documented history of misconduct related to alcohol abuse, with three investigations opened in the past year in response to his conduct while under the influence, according to the report. (link)

Mar 01: Misconduct Resignation: A U of I officer charged with official misconduct has resigned. Interim UIPD Chief Matt Myrick said the department accepted the resignation of Jerald Sandage on Thursday. Sandage was arrested in December for incidents that happened between February 2017 and January 2018. Officers said Sandage misused law enforcement databases and security cameras to find personal information about women on and off the U of I campus. (link)

Campus Life & Safety Events

Mar 20: Racial Issues: Amherst College has placed its men's lacrosse team on probation through the 2021 season and terminated coach Jon Thompson following what the school said was a racial incident involving members of the team. According to the Amherst Student, the school's newspaper, the alleged incident happened March 7 outside a player's dormitory room on campus. In the letter, the college also referenced other "deeply troubling cases" in the past involving members of the Amherst men's lacrosse team. (link)

Mar 19: COVID-19 Death: With the death of longtime pathology professor Stephen Schwartz, age 78, the University of Washington community has suffered its first loss from the COVID-19 pandemic. Schwartz was known as a researcher, mentor, advocate, and character -- a guy who loved to argue over beers at Drinking Liberally. (link)

Mar 18: Arson: A student accused of setting an off-campus fire is the only suspect in about 20 fires set on the campus of the University of South Carolina Upstate, police said. Brandon Michael Burt, 19, of Suwanee, Georgia, was booked Monday in the Spartanburg County jail on a charge of third-degree arson, news outlets reported. Burt is also suspected of setting about 20 fires since February on the USC Upstate campus, said Dave Myers, the university's assistant chief of police. Myers said Burt was named as a person of interest after being spotted near some of the fires. (link)

Mar 09: Shooting Death on Campus: An early-morning shooting at Stillman College has left one person dead. The shooting is believed to have happened sometime between 3 a.m. and 5 a.m. Monday, according Capt. Jack Kennedy of the Tuscaloosa Violent Crimes Unit. Tuscaloosa police, Stillman College police and the violent crimes unit all responded. Authorities have now identified the slain man as 22-year-old Davanta Anderson. Kennedy said "significant issues of self-defense" have been raised during the day-long investigation. The campus is closed today to allow investigators to process the scene. (link)

Mar 09: Campus Closures: The University of Washington said on Friday that it would cancel in-person classes and have students take courses and finals remotely while the Seattle area grapples with a growing coronavirus outbreak, in a move that other colleges around the country are preparing to follow if the virus becomes more widespread. Over the last few days, a growing number of universities have mobilized emergency planning teams to envision what a shutdown would look like, especially if students bring the virus back with them from spring break, which starts Friday on many campuses. (link)

Mar 05: Campus Threats: A Minneapolis man has been charged with making threats through a university's incident reporting system. The U.S. Attorney for the District of Minnesota announced that Jeffrey Colin Purdy is charged with one count of threatening communication. The complaint goes on to say from Aug. 30, 2017 through Feb. 21, 2020, Purdy used the university's Silent Witness Report, an anonymous incident reporting tool, to make violent threats against the individual. (link)

Mar 05: Fraternity Suspension: A Fresno State fraternity has been placed on suspension following an allegation of sexual assault. On Thursday, the university announced that Kappa Sigma fraternity has been placed on interim suspension, effective immediately. A press release says that the suspension comes in response to an "alleged assault incident that was recently reported on social media." (link)

Mar 04: Coronavirus Themed Party: A group of Asian American students attending the University at Albany are demanding the school open an investigation into a coronavirus-themed party hosted by students last weekend. Video of the off-campus party was first posted on the Barstool Albany Instagram account Sunday night, prompting the university's Asian American Alliance to release a statement condemning the event and demanding an official apology. The video, which has since been deleted, showed a bucket full of Corona beers and a person wearing a surgical mask. A caption attached to the video read, "Corona virus isn't gonna stop anyone from partying," according to WGY News Radio in Albany. (link)

Mar 02: Serial Burglary: Police are searching for a serial burglar accused of targeting students and staff at Pittsburgh-area universities. Police have issued an arrest warrant for Karim Davis, 37, of Tigard, Oregon. According to court paperwork, Davis is accused of making his way onto college campuses, breaking into rooms and then walking away with thousands of dollars in stolen items. (link)

Mar 01: Arson: A man was arrested Saturday after police said he started a fire inside a University of Louisville dormitory bathroom. According to an arrest report, police took Antonio Spuria, 18, into custody after witnesses and evidence pointed to him setting a 55-gallon garbage can on fire around 2 a.m. Saturday inside the men's restroom on the second floor of Miller Hall Dormitory, located on U of L's Belknap Campus. Multiple students were inside the dorm at the time of the fire, and the building had to be evacuated for several hours while crews with the Louisville Fire Department cleaned up and repaired its sprinkler system, according to Spuria's arrest report. (link)

Mar 01: Anti-Semitic Texts: Police have arrested and charged a University of Maryland student who allegedly sent anti-Semitic text messages to another student on its College Park campus. The University of Maryland Police said a student reported that she received anti-Semitic messages from a person she did not know. Through an investigation, a detective was able to identify the suspect who allegedly sent multiple messages to the victim because of her religious beliefs. (link)

Mar 02: ADA Limitations: Kyle Cox was on his way to class during an ice storm in January 2019 when an outdoor wheelchair elevator at Texas A&M University malfunctioned. For 30 minutes, Cox, a graduate student, was trapped outside with sleet pelting him on an unseasonably frigid day in College Station. Building staff draped him in blankets and coats while they worked to free him from the handicap accessible lift designed to help disabled students access the building with ease (link)

Mar 01: Grad Student Strike: The University of California, Santa Cruz fired 54 teaching assistants (TAs) Friday after they went on strike for higher wages. The graduate students began withholding final fall grades as part of a wildcat strike not approved by union leadership. Striking assistants said the wage increase was necessary to keep up with the cost of living. The students also said that in addition to the 54 fired students, 28 other TAs were sent notices that they would not be considered for such positions in the next semester. (link)

Mar 01: Stadium Security: A Louisiana State University student and fraternity brother was charged Thursday with breaking into the college's under-construction football stadium and riding a four-wheeler around inside. Clayton Fleetwood, of New Jersey, is accused of entering Tiger stadium late at night on Jan. 21 and Feb. 8, according to university police. Investigators say the 19-year-old and another unidentified suspect were captured on stadium security cameras driving a Kawasaki Mule all-terrain vehicle around the field. (link)

Mar 01: Hazing: Three Ohio University students pleaded guilty Thursday to charges related to the investigation into fraternity hazing that led to a student's death. Dominic Figliola, 21, of Athens, pleaded guilty to two felony drug possession counts and to misdemeanor charges of hazing and violating underage alcohol laws. Cullen McLaughlin, 20, pleaded guilty to two felony counts of LSD possession. Zachary Herskovitz, 22, of Coraopolis, Pennsylvania, pleaded guilty to permitting drug abuse. (link)

If you have any suggestions, questions or feedback, please e-mail me at robinmk@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site.

If you have any suggestions for items to include in future newsletters, please e-mail Robert Gottesman at gotterw@auburn.edu.

Back to top