Having trouble viewing this email? View it in your browser.

Office of Audit, Compliance & Privacy

Case in Point:
Lessons for the proactive manager

April 2020
Vol. 12 No. 04
Inside every problem are hidden opportunities

-- John C. Maxwell

Last month I mentioned that I was not sure what to write about in a column like this during a global pandemic. I have to admit I am still not sure, but I have decided that next month we will resume our prior year review and analysis. Today I wanted to share an excerpt of an email I sent my staff during week one of modified operations and then some thoughts that I've had over the past couple of weeks.

A few things I wanted to share as we all continue to adapt to the new normal. I was listening to a podcast the other day talking about the pandemic and how we are now working from home and cannot do all the things we used to do. The person suggested we all ask ourselves this question:

''Where do you want to be when all this is over?''

I think this is a great question and am spending my day planning and thinking about my answer in several areas. I'd suggest you think about that question as well.

Let's face it, we all have the opportunity to waste the ''down time'' we have on TV and junk food or we can use the opportunity to get out and walk, run, or do something. Many online gyms are offering free streams. There are podcasts, TED talks, and all kinds of things we can use to learn and grow during this season. If you need some suggestions, I am happy to give those to you. We are blessed that we have the technology to learn, grow, and cope during this pandemic that no other people in recorded history have had in crisis.

This is a season of opportunity. You have to opportunity to come out of this season better as a person--healthier, wiser, and more equipped to seize the opportunities that will come. And they will come eventually.

Your attitude during this time is your choice, and I'd suggest we all choose wisely. Yes, there are days that will be hard but keep thinking long term. This isn't forever, and we are blessed to live in a time where this crisis also brings great opportunity for us all.

John C. Maxwell's teachings have been one of the biggest leadership influences in my career. I was listening to a talk he did recently where he said, ''inside every problem are hidden opportunities.'' He went on to point out how many breakthroughs come during difficult times. It hit me that we should be looking for those breakthroughs and opportunities as we work from a different perspective during this pandemic. As you think of new ideas or ways that things can be improved, make sure you let someone know. Don't be afraid to suggest new ideas to your institution's leadership. Who knows? Your idea may make your institution an even better place.

We again invite you to review the events occurring across higher education with a view toward proactive risk management. As always, we welcome your comments and suggestions.

M. Kevin Robinson, CIA, CFE
Associate Vice President
Office of Audit, Compliance & Privacy
Follow us onTwitter

Information Security & Technology Events

Apr 28: Network Security Breach: Illinois Valley Community College hired consulting firm Rehmann to unlock its servers after a security breach to its network was discovered Friday. "Step No. 1 is to secure and clear the environment to ensure it is safe to begin to unlock servers," said IVCC President Jerry Corcoran in a press statement. Vice President for Business Services and Finance Cheryl Roelfsema said restoring the network -- and completing a forensic audit to determine how Friday's breach occurred -- should be completed early next week, if not sooner. (link)

Apr 28: Malware Virus: The FBI was notified of a malware incident last weekend that caused the University of Arkansas for Medical Sciences to shut down its information network, an agency spokesman said. Leslie Taylor, a spokeswoman for UAMS, confirmed Monday that the hospital "temporarily deactivated" some of its systems after detecting a "malware virus." Employee emails sent and received during the weekend were deleted by the malware virus, according to UAMS. Taylor said that no data -- including patient, student or employee information -- was compromised. She added that the "server downtime" has affected patient appointments, so some of them had to be rescheduled. (link)

Apr 27: Spear-Phishing Attack: More than 150,000 emails spreading the Hupigon RAT that use adult dating as a lure have been uncovered, with almost half being sent to U.S. university and college email addresses. Several U.S. universities have been targeted in a widespread spear-phishing attack that uses adult dating as a lure. In reality, the emails spread the Hupigon remote access trojan (RAT), known to be leveraged by state-sponsored threat actors. (link)

Apr 27: Zoom Accounts Compromised: he latest in Zoom's seemingly never-ending string of security issues is about half a million user accounts that have come up for sale on a dark web forum. These Zoom accounts appear to have been collected via credential stuffing, using username and password combinations that were obtained in past breaches of other companies. It's to be expected that among the millions of users that have flocked to Zoom in the past two months will be some that re-use credentials that have been breached in other attacks, perhaps unbeknownst to them. However, the sheer number of Zoom accounts that were compromised in this way indicates that the video conferencing service has not been checking registered usernames and passwords against lists of known breached account credentials. (link)

Apr 21: Third Party Data Breach: Michigan State University said it has been informed by E-commerce vendor Volusion, which provides online payment processing to thousands across the country, of a nationwide data breach. The university said it was informed that the data breach "impacted less than 300 customers who processed credit card payments for good through shop.msu.edu between Sept. 7, 2019 and Oct. 8, 2019." "While there was no breach to Michigan State University's networks or systems, this breach of a third-party vendor is concerning and compels us to do what we can to help those impacted by sharing this important information," said MSU Chief Information Officer Melissa Woo. (link)

Fraud & Ethics Related Events

Apr 27: Grant Allegations: Harvard University has agreed to pay over $1.3 million to resolve allegations that the Harvard T.H. Chan School of Public Health was overcharging the government for certain grants. The schools reportedly overcharged for grants funded by both the National Institutes of Health (NIH) and the Health Resources & Services Administration (HRSA), the U.S. Attorney Andrew Lellings's office said in a release on Monday. (link)

Apr 27: Theft: Two people are charged with attempting to steal more than $600 worth of beer after breaking into Neyland Stadium on the University of Tennessee campus over the weekend, according to arrest warrants. Police were dispatched shortly before 11 p.m. Saturday after as many as five people were spotted on security cameras inside the football stadium. Officers arrived to catch three people inside the perimeter fencing near Gate 22. Two of the suspects were carrying 24 beers apiece. (link)

Apr 15: Research Grant Fraud: Rice University has agreed to pay $3.75 million to resolve allegations that it misused National Science Foundation grant funds to pay graduate students to teach instead of perform research, the U.S. Justice Department said on Wednesday. The settlement resolved an investigation launched in 2016 into whether the Houston, Texas-based school defrauded the agency, which provides about a quarter of the funding to all federally-supported college and university research. (link)

Apr 03: Conflict of Interest: As the legislative session got underway in mid-February, Sen. Erik Simonson introduced a bill to secure nearly $1million in state infrastructure bonds for a major expansion at Lake Superior College. On Wednesday, the Duluth Democrat started a new $100,053-a-year job as executive director of continuing education and customized training at the college, the same institution he was seeking to fund. The timing has sparked questions from some experts on government ethics. (link)

Apr 01: Admissions Scam & Wire Fraud: In exchange for money, a former admissions official at USC helped graduate students from China gain acceptance to the school by submitting doctored transcripts, fraudulent letters of recommendation and bogus personal statements in their applications, according to a plea agreement filed in federal court. Hiu Kit David Chong, who worked in USC's Office of Graduate Admission from 2008 to 2016, agreed to plead guilty to one count of wire fraud in an agreement signed last month and unsealed Wednesday. (link)

Compliance/Regulatory & Legal Events

Apr 28: NCAA Compliance: The Nebraska women's gymnastics program exceeded the permissible number of countable coaches when the former head coach and members of the program arranged for a former volunteer coach to receive impermissible compensation, according to an agreement released by the Division I Committee on Infractions. The agreement said the former head coach coordinated with the former volunteer coach to submit invoices for floor exercise music from a fictitious company. The invoices requested the check be made payable to an associate of the former volunteer coach so the university would not detect the impermissible payments. (link)

Apr 22: Employment Discrimination Lawsuit: Lincoln University's former director of alumni affairs has filed an employment discrimination lawsuit against the university, alleging treatment by the person who had filed a separate employment discrimination lawsuit against LU last week. Sylvia Wilson filed a suit Monday against LU on counts of a hostile work environment on the basis of sex; discrimination based on sex, age and race; and retaliation. Last week, Earl Wheatfall filed a lawsuit against the university, alleging disability discrimination, retaliation, Family and Medical Leave Act interference and FMLA retaliation. (link)

Apr 21: Admissions Scandal Plea: Former UCLA men's soccer coach Jorge Salcedo has agreed to plead guilty of conspiracy to commit racketeering in his involvement in the college admissions scandal, according to a plea agreement released Tuesday through the U.S. Attorney's Office in Boston. Salcedo admitted to have received $200,000 in bribes to facilitate admission of two UCLA students. In 2016, Salcedo, along with William Singer and former USC women's soccer coach Ali Khosroshahin, agreed to facilitate the admission of the daughter of Davina and Bruce Isackson to UCLA as a purported women's soccer recruit. (link)

Apr 17: Federal Title IX Investigation: The U.S. Department of Education is investigating Syracuse University for alleged sex discrimination against men. The federal agency's Office for Civil Rights opened the inquiry on March 4 after receiving a Title IX complaint during the fall semester. Mark Perry, a professor at the University of Michigan-Flint, in an interview said he filed the complaint. Perry said he has brought more than 120 similar Title IX and Title VI complaints against colleges around the country, prompting 60 OCR investigations. (link)

Apr 19: Tuition Refund Lawsuits: The coronavirus has hit college campuses and students in a unique way. Instruction has moved online for the remainder of the semester for most. Many students have been told to leave their campus dorm rooms. Some colleges have even closed for the semester. This disruption has left many students feeling a sense of disarray and now some are even suing their schools for a refund. The lawsuits differ in their claims, with some asking for much more than others. Students at the University of Miami have filed a class action lawsuit claiming they have paid for in-person courses at a higher rate and, with online instruction, they aren't getting what they paid for this semester. (link)

Apr 16: Whistleblower Lawsuit: DePaul ignored allegations that its former softball coach punched an assistant in the face and verbally abused his players and retaliated against the whisteblower by terminating her contract with the school, according to a lawsuit filed Thursday. The private school in Chicago is also accused of violating Title IX rules for failing to report complaints made against Eugene Lenti, who is alleged to have avoided punishment because his sister, Jean Lenti Ponsetto, serves as DePaul's athletic director. The suit was filed in Cook County Circuit court by sports psychologist Jenny Conviser, who said her contract to counsel DePaul athletes was terminated two years ago after she raised concerns to athletic department officials regarding Lenti's behavior. (link)

Apr 14: Negligence Lawsuit: Parties have agreed to seek resolution through mediation in the case of 3 former Fresno Pacific University swimmers who are suing the school after a chlorine-release incident in 2018. Dakota Loew-Garrelts, Mireya Ortega, and Matheus Misquito filed a lawsuit in October 2019 over a January 2018 incident where a chlorine leak during varsity swim team practice resulted in 13 swimmers being hospitalized with inhalation and burn injuries. According to the Fresno Fire Department, the leak occurred when the automatic chlorination system malfunctioned, releasing excess chlorine. (link)

Apr 13: Hazing Lawsuit: A former University of Arizona student filed a lawsuit against the university, the Arizona Board of Regents, Theta Chi Fraternity and 13 fraternity chapter leaders after he says he suffered injuries during fraternity hazing. The Theta Chi chapter at UA was placed under interim suspension in October 2019 after a former pledge claimed he suffered a chemical burn in his eye and a blood infection during hazing in April last year. Roletter filed the lawsuit seeking $1 million in damages and demanding trial by jury, according to a complaint filed in court on Friday. (link)

Apr 08: Due Process Lawsuit: Transylvania University was sued this week by a student who alleges that he was kicked out of his residence hall without "due process" after another student accused him of sexual misconduct, according to court records. The person who filed the federal lawsuit, identified only as John Doe, accuses the university of not fully investigating the allegation of misconduct against him and of discriminating against him because he is a male student, according to court records. (link)

Apr 02: Title IX: Michigan State basketball coach Tom Izzo and two assistant coaches contacted a witness in a 2017 investigation of criminal sexual conduct involving a basketball player before the witness had discussed the incident with police or school investigators, records newly obtained by ESPN show. MSU student Brayden Smith was with then-freshman guard Brock Washington on the night a female student said Washington forcibly groped her, according to a Michigan State University police report obtained by ESPN through a public records request to the Ingham County Prosecutor's Office. (link)

Campus Life & Safety Events

Apr 29: Trespassing: Boone County prosecutors charged a man on Tuesday with trespassing at the University of Missouri and allegedly breaking into a campus building. Nicholas Walters, 34, of Columbia, faces a felony charge of property damage and misdemeanors charges of trespassing and fourth-degree assault. Court documents say he broke into Memorial Union on Sunday night tried to enter two semi-trucks near University Hospital early Monday morning. (link)

Apr 28: Sexual Assault: An East Central University student is being held in the Pontotoc County Justice Center in lieu of a $100,000 bond on a charge of first degree rape by force or fear. Pontotoc County Sheriff's Office records indicate ECU Campus Police arrested Gabriel Elyjah Segress, 20, of Weatherford on Friday and booked him into the county jail around 4:03 a.m. ECU Campus Police said they were notified by Central Dispatch around 12:42 a.m. Friday that an ECU student called to report a sexual assault on campus. Campus police report the victim told them they were in a dorm room in Pesagi Residence Hall around 10 p.m. Thursday, watching movies with Segress and others when they began drinking alcoholic beverages Segress provided. (link)

Apr 22: Social Media Free Speech: The majority of top public colleges and universities use a blacklist of secret words, created by Facebook, to automatically censor comments on university social media pages, according to a new survey from the Foundation for Individual Rights in Education. As campuses sit empty and much of student life moves online, this censorship has an amplified importance. Colleges also compile custom lists collectively banning more than 1,800 words and phrases: from profanities to posts referencing matters of local and national concern, campus controversies, criticism of colleges' corporate partners or sports teams, and even the weather. (link)

Apr 21: Assault: Three college roommates have been charged with assault after they allegedly removed dry skin from one of their feet and put it into a fourth roommate's shredded cheese and watched her consume it without her knowledge. Cited for assault were 20-year-old Lindsey Ann Cundiff of Pocahontas, 19-year-old Kyiah Elaine Kastner of Sanborn, MN, and 20-year-old Ellie Thompson of Parker, SD, on Monday, April 20, according to the Sheldon Police Department. The women are residents of Osceola Hall on the campus of Northwest Iowa Community College in Sheldon. (link)

Apr 20: Threatening Emails: A former Valdosta State University employee is in custody, charged by criminal complaint for sending threatening emails to victims at universities across the country. The United States Department of Justice's complaint alleges 50-year-old Shawn Charles Merdinger, of Lake Park, Georgia, sent several emails between April 16 and April 19 to addresses affiliated with individuals employed at the University of California at Santa Barbara, University of Indiana, University of Texas, University of Texas at Austin, the University System of Georgia and Valdosta State University. (link)

Apr 06: Construction Safety: A subcontractor working on the renovation of the University of Oregon's Hayward Field tells WW his company was told to remove its equipment from the site after he sent his team home and voiced safety concerns. The subcontractor warned that it wasn't possible to complete his work on the project--one of the largest construction jobs underway in the state--while maintaining the social distancing recommended to slow the spread of COVID-19. (link)

Apr 07: Sexual Misconduct Expulsions: The University of Nebraska expelled two former football players after a school investigator last year found them responsible for violating the school's sexual misconduct policy, according to a document obtained by ESPN. In a letter obtained by ESPN, the university conduct board said the expulsion of two unnamed respondents was effective April 3. A university spokeswoman confirmed Monday that the players involved were redshirt freshmen Katerian LeGrone and Andre Hunt. (link)


Apr 07: Financial Impact of COVID-19: Colleges across the nation are scrambling to close deep budget holes and some have been pushed to the brink of collapse after the coronavirus outbreak triggered financial losses that could total more than $100 million at some institutions. Scores of colleges say they're taking heavy hits as they refund money to students for housing, dining and parking after campuses closed last month. Many schools are losing millions more in ticket sales after athletic seasons were cut short, and some say huge shares of their reserves have been wiped out amid wild swings in the stock market. (link)

If you have any suggestions, questions or feedback, please e-mail me at robinmk@auburn.edu. We hope you find this information useful and would appreciate hearing your thoughts. Feel free to forward this email to your direct reports, colleagues, employees or others who might find it of value. Back issues of this newsletter are available on our web site.

If you have any suggestions for items to include in future newsletters, please e-mail Robert Gottesman at gotterw@auburn.edu.

Back to top

© Redistribution of this newsletter, with or without modification, is permitted provided Auburn University Office of Audit, Compliance & Privacy is listed as the source.