Institutions of Higher Learning: Promote Learning, Not Fraud

Colleges and universities routinely find themselves subject to fraud, including cyberattacks. Such incidents can interrupt operations, pose public relations problems and result in severe financial losses. How can your institution of higher learning shore up its defenses without disrupting the work of students, faculty and other stakeholders?

The Struggle

The higher education sector offers an enticing target for fraudsters. One reason is budgetary. With so many competing interests, institutions can’t always devote the resources required to maintain a robust antifraud environment.

In other cases, the problem is ignorance (ironically enough). Employees may not have the information they need to help prevent fraud. Colleges and universities generally seek to promote a supportive and collegial learning environment. And for some schools, taking steps to prevent and investigate fraud and loudly communicating these procedures may seem inconsistent with their vision and mission.

Program Components

An effective antifraud program requires careful positioning so it will receive widespread support throughout your educational community. Here are several critical considerations:

Tone at the top. Effective fraud prevention starts at the highest leadership levels. Your institution’s president, deans and student leaders should personally model ethical behavior and frequently engage in discussions about situations that call for ethical decisions. Administrators also need to take disciplinary action if students, faculty and others violate your school’s code of conduct. Everything from cheating on exams to hacking computer networks requires a response that will set the tone and discourage similar behavior in the future.

Code of conduct. Customize your code of conduct to your institution’s priorities. A religious college is likely to define unethical behavior differently from a state university. But all institutions’ codes of conduct should strongly discourage fraud, such as accepting bribes for admissions or pressuring faculty to change student athletes’ grades.

Cyberattacks. These days, all schools must commit to preventing cybercrime, including the theft of student information and employee payroll records. This requires a multi-prong approach that consists of robust security software and strict behavior protocols (such as frequent password changes).

In the education sector, the greatest threat of the past year has been distributed denial-of-service (DDoS) attacks, where criminals take sites hostage until they receive "ransom" payments. Institutions that have moved instruction online during the COVID-19 pandemic are particularly vulnerable to such attacks. That’s because criminals know schools will be so desperate to get back online that they’ll pay whatever is demanded. To head off these criminals, keep security software up-to-date and instruct users to never click on links contained in suspicious emails.

Roll With the Times

Although DDoS attacks are a major concern now, in time they’ll likely give way to newer fraud schemes. Risks evolve and your institution needs to revise its controls accordingly. For example, replacing your institution’s accounting software could open security gaps. New hiring or layoffs could change the environment significantly enough to promote new fraud activity.

For these reasons, you should conduct an annual fraud risk assessment. You may have personnel capable of conducting such an assessment in-house. If not, hired a qualified fraud expert. Whoever leads the effort, the goal is the same: to identify and document the range of threats, likelihood they might occur and current controls in place to prevent them. If existing controls aren’t up to the task, take immediate steps to introduce new controls that are.

Securing Adequate Support

To convince budgetary gatekeepers to fund a rigorous antifraud plan, offer hard numbers and detailed examples. Administrators need to understand that fraud can imperil an institution’s operations — even its survival. For example, if a perpetrator were to hack the college’s bank accounts and steal more than what’s covered by FDIC, the institution might have to cut programs, lay off professors and reduce the availability of scholarships. Or it might have to raise tuition rates, which is likely to anger students and parents.

Highlighting potential ramifications of fraud can also help encourage stakeholders to change risky behavior (such as neglecting to secure intellectual property or visiting unsecured websites). And voicing fraud risks might just discourage potential wrongdoers from committing fraud because they know the community is watching for red flags.

Well Worth the Effort

Effectively combating fraud and cybercrime in the education sector takes a multi-factor program that’s constantly evolving. Some administrators may struggle with how best to position their antifraud program to gain funding and community support. But doing so is well worth the effort when you consider the possible consequences of a successful fraud scheme.