The board and administration are always working to manage risks and protect the university. Faculty and staff can help by following best practices for information security and notifying the appropriate university officials about suspected fraud and dishonesty.
Tips for information security
Recently, our university has seen a significant increase in cyber-attacks attempting to steal money and obtain sensitive information. As Missouri State University employees, we have a responsibility to safeguard the information and resources entrusted to us.
There are simple practices you can adopt to help defend against these attacks:
- Be suspicious of email. Cybercriminals can make email appear to be from someone it’s not. Some of these emails are extremely convincing, and it takes constant vigilance to avoid being deceived. Be cautious when clicking on links in email, and never enter your BearPass ID and password on a webpage linked from an email.
- Secure your password. A secure password is unique, complex and known only to you. Make sure your BearPass password is different from the passwords you use on other websites like Netflix and Facebook. Do not share your password with anyone, and never enter it on a non-university website.
- Store university information appropriately. With all the opportunities to store information in the cloud, it’s imperative to follow university policies on data storage. Take the time to become familiar with our Cloud Services Policy, located in Chapter 12 of the Policy Library.
There are many technology components of our security defenses, but none of them are as important as each of us remaining mindful of cybersecurity as we do our work. To learn more about these issues, visit the Information Security Awareness Training Resources webpage. If you have any questions or concerns related to information security, contact our information security office.
Reporting fraud
In May, the board approved the university’s fraud policy. The policy sets forth guidelines for reporting suspicious activity and the protocols that will be followed to investigate and discipline fraudulent or dishonest behavior.
Stealing university funds or property is a classic example of fraud, but fraud is broader than just theft. A person commits fraud when they intentionally do something, typically for their own benefit or the benefit of a friend or family member, through false representation, concealment or other unethical means. Examples include theft, bribes, kickbacks and falsification of records (contracts, timesheets, etc.).
If you suspect fraud or dishonest behavior, you should report what you have observed to your immediate supervisor or to a higher level of management if you do not believe it is appropriate to report it to your immediate supervisor. You should not attempt to investigate the matter yourself.
Management is required to immediately pass along your report to the department of internal audit and compliance for a thorough investigation. All employees are required to cooperate fully in any internal or external investigation.
Decisions to prosecute or refer the investigation to external law enforcement or regulatory agencies will be made by the department of internal audit and compliance in conjunction with the university’s general counsel and president.
If you have concerns about fraud or dishonest behavior but you don’t feel comfortable discussing your concerns directly with a university official, you may submit a confidential report through the Ethics Hotline online or by calling 1-888-233-8988.
Thanks for all you do for Missouri State!