Information systems / technology

Apple drops new iPad apps for digital textbook creation and distribution

Any digital textbook revolution that flows from Apple's splashy unveiling may be contingent on everybody adopting its vaunted computing tablet, experts say.

Stanford's open courses raise questions about true value of elite education

How close can Stanford's computer science department get to offering world-class courses for free?

Khan Academy ponders what it can teach the higher education establishment

What, if anything, can a former hedge fund analyst and his motley crew of Silicon Valley number-crunchers teach higher education?

Lessons learned from firsthand experience on how to avoid internet fraud and other forms of cyberattacks (opinion)

The first things you will notice when entering Montgomery College’s Cybersecurity Center and Lab are the large video panels around the room that show a steady stream of cyberattacks represented by lines connecting attackers and targets on a world map. The displays show known cyberattacks, which are instantly blocked. It can be mesmerizing just watching the map’s activity, with attacks touching almost every part of the world, until you remember that each is an attempt to commit theft, fraud or another crime.

The scope of the global attack is sobering to think about, and I am thankful for the cybersecurity professionals who work to protect us all. Many of the students who train in our lab will become cybersecurity pros themselves. Some come to us to enhance their existing skills and go on to the thousands of available computer and cybersecurity career opportunities in government and industry. We need every one of them.

Of course, these criminal endeavors never stop. Despite our diligent focus on security and protecting our assets, in September of 2019 Montgomery College fell victim to an internet fraud committed by criminals outside the college. They stole funds totaling $2.8 million by routing them to a fraudulent bank account. The fraud was discovered quickly, and we took immediate steps to recover the funds. We have recovered 39 percent, resulting in a net loss of $1.7 million. A year later, we remain hopeful yet realistic about the possibility of recovering more of the stolen money.

As you might expect, it was initially disconcerting to know that we were victimized in a fraud scheme. It is an intrusion, albeit an electronic one, but an intrusion nonetheless. It is like realizing a stranger has broken into your home. The initial shock of the crime fades quickly, you discover how the criminal took advantage and you take every step to catch the perpetrator and prevent it from happening again.

Knowing that criminals frequently target colleges and universities through similar fraud and other schemes offered some consolation, but not much.

We immediately chose to be as clear and open as we could about the fraud, and I am gratified by the responsiveness and support we’ve received. Our full cooperation with the investigating authorities required that we keep some details of the crime under wraps, but we otherwise had straightforward conversations with the Montgomery College community, our state and county leaders, our accreditors at the Middle States Commission on Higher Education, journalists, and other stakeholders about the fraud scheme. Our transparency and forthrightness about what happened was always rewarded with cooperation, assistance and advice.

Our most important message in the immediate aftermath of the crime was to assure our students, faculty members and staff members that the fraud scheme would not adversely affect their studies and work or the college’s financial strength. While a significant amount of money was stolen, our educational mission continued without fail. The net loss amounted to about one-half of 1 percent of our operating budget. We recognized the loss in our financial statements for the fiscal year ended June 30, 2020, and we received an unmodified opinion from our auditors for the year, the highest level possible. What’s more, we earned an Aa3 Stable rating from Moody’s Investor Service, a testament to our long-standing conservative financial management philosophy.

Learning from the Incident

Naturally, we all wanted to know how this could have happened, even though our employees had followed strict internal financial controls. Security experts remind us that criminals are continually inventing new ways to commit their internet crimes. The steps we take to safeguard ourselves today will soon be met with new criminal threats. So, in addition to working with the FBI, local law enforcement authorities and the Montgomery County inspector general, we conducted a rigorous internal investigation to learn from the incident. We also commissioned an external accounting firm to conduct a special audit of our financial controls, contract administration and vendor relationships. As a result, we have implemented several new controls to further secure our assets, data and operations.

A big part of our response has been to increase the training of our employees. To stay ahead of the criminals, the training program is ongoing and regularly updated. Any employee who approves an invoice payment, manages a vendor or administers a contract needs to know how to spot a scam. To date, more than 2,000 of our employees have participated in the training that will improve their ability to detect potential fraud.

Our response to the fraud scheme also benefited from having the expertise of our Office of Compliance, Risk and Ethics. We formally established the office nine years ago to help us identify and prioritize internal and external risks and threats. The office’s expertise includes an internal auditor dedicated to improving financial controls and responding to new threats. I am thankful to these Montgomery College professionals and others in finance, procurement, information technology and additional areas for their dedication to safeguarding us.

As prepared as any institution can be for this kind of fraud attack, you can always do more. Some lessons we learned from our experience might be useful to other institutions in preventing a fraud scam or responding to one should it occur.

To prevent a criminal attack:

  • Consider intrusion testing as a way to assess the vulnerabilities of your financial controls.
  • Conduct independent audits of financial controls by auditors who are different than those who conduct the college’s annual audits on a routine basis.
  • Implement consistent and relevant fraud and cybersecurity training for all employees, with specialized training for employees in high-target areas, such as procurement and accounts payable.
  • Consider adding staff with expertise in compliance and risk to better anticipate vulnerability and threats, as well as to quickly respond to problems when they occur.

To respond to a criminal attack:

  • Define who will lead any internal investigations and who will serve as liaison with law enforcement and other relevant entities.
  • Ensure the coordination of communication, reporting, liaison and investigation functions with clear lines to the president and through the president to your board.
  • Follow the advice and counsel of ranking law enforcement professionals regarding communications and next steps.
  • Engage all of your stakeholders (employees, governing board members, legislators, accreditors, law enforcement officers and volunteers) deliberately and directly with timely messages conveying the facts and the remedies.

I have to admit that it is a bit humbling that we at Montgomery College, with our respected track record of preparing so many students for successful careers in cybersecurity and fighting internet fraud attacks, have ourselves been victims of such a crime. Yet this experience has taught us that, even with sophisticated fraud-prevention measures in place, we were still vulnerable. Institutions must continually advance their defenses to protect themselves. We’ve also learned that our instinct to respond with transparency was correct, and we benefited from the support of our colleagues and community.

The next time I visit our cybersecurity lab, I will have an even greater appreciation for the enormity of the criminal threats we face every day -- and the confidence to know that we are employing all the safeguards we can so that the flurry of criminal activity on the lab’s screens has nothing to do with us.

DeRionne P. Pollard is president of Montgomery College.

Editorial Tags: 
Image Source:
Is this diversity newsletter?: 
Disable left side advertisement?: 
Is this Career Advice newsletter?: 
Live Updates: 

Colleges face evolving cyber extortion threat

Cybercriminals successfully targeted three colleges and universities using ransom tactics new to higher ed. Experts say more institutions are likely to be affected.

International Conference on Modern Trends in Biomedical Engineering, Information Technology and Applied Sciences

Sat, 09/19/2020



3rd International Conference on Software Applications, Biomedical Engineering, Applied Science and Industrial Applications (SABEA-2020)

Fri, 10/16/2020


United Arab Emirates

3rd International Conference on System Engineering Design and Computer Sciences SEDCS-2020

Fri, 09/11/2020


United Arab Emirates

UCLA drops plan to use facial recognition security surveillance, but other colleges may be using technology


UCLA was the first university to openly consider facial recognition technology for security surveillance. The university abandoned that plan, but other colleges may be using the software.


Subscribe to RSS - Information systems / technology
Back to Top