5th Anniversary of Virginia Tech: Cost of Reaction vs. Prevention Is Not Even Close
Posted In Campus Safety, Education, Emergency Management, Incident Reporting, Risk Management, School Safety on April 16th, 2012 Tags: Awareity, Campus Safety, Center for American Progress, Prevention, threat assessment, TIPS, Virginia Tech
Did you see the recent report from the Center for American Progress? The report estimates that the Virginia Tech tragedy cost the university and taxpayers $ 48.2 million. And this cost does not include the “costs” associated with the loss of lives and lives that were changed forever.
An ounce of prevention is worth a pound of cure, and I hope all school and university administrators are paying close attention to this wisdom and this new report.
According to the report, the university was responsible for most of the costs – $ 38.77 million – and the state of Virginia paid around $ 8.87 million and rest was covered by local government and the federal government in the form of grants.
How the $48.2 million breaks down is shown in this Campus Safety article.
Today is the 5th anniversary of the Virginia Tech massacre that resulted in 32 deaths and another 25 wounded. According to the Virginia Tech Review Panel report (which cost $ 465,000), this tragedy could have been prevented and the report provided nearly 100 recommendations for university leaders to implement.
So why do we continue to see incidents, headlines and tragedies in schools and universities?
The facts are pretty clear that most schools and universities are still very “reaction focused”. Most schools and universities have Crisis Plans and Emergency Response Plans, but few have a Prevention Plan. Most schools and universities rushed out to purchase Mass Notification Systems after the VT tragedy, but few schools and universities invested in Prevention platforms to equip their students, faculty, staff, Safety Teams, law enforcement, legal, compliance and community resources with tools to “connect-the-dots, silos, red flags and suspicious actions” or the tools to get the right information to the right people in the right place at the right time so the right people can do the right things, which is the most efficient and cost effective way to intervene and prevent expensive and embarrassing tragedies.
To learn more about Awareity’s innovative and proven Prevention platforms and tools, click here.
No Comments
Cutting Wasted Expenses Helps Meet Budget Cuts
Posted In Education, Education, Human Resources on February 24th, 2012 Tags: Awareity, Regulatory Compliance, school budget, student handbooks
As budgets grow tighter…how many school Superintendents would approve the following expense requests?
Expense Request A:
I am submitting a request to spend thousands of dollars to print up thousands of pages of information that no one will read…
Expense Request B:
I am submitting a request to spend thousands of dollars for software, hardware and personnel to support the software and hardware so we can upload documents on our intranet that no one will read…
Bottom lines are getting crunched because schools are still spending thousands and thousands of dollars on printing, distributing and updating Student Handbooks, Teacher Handbooks, Employee Handbooks, Department Binders, Code of Conduct Manuals, Emergency Plan Binders, Operations Manuals, Safety Manuals, Regulatory Manuals and others. And after spending thousands of precious dollars, schools have no idea if anyone is reading them and even if individuals do read them, schools have no way of knowing or proving it.
Bottom lines are getting zapped even more thanks to software, hardware and personnel to create “digital handbooks” and “intranets”. Once again schools are spending thousands of dollars and schools have no idea if anyone is reading the documents and even if individuals do read them, schools have no way of knowing or proving it.
And bottom lines continue to get robbed because schools will spend thousands of dollars on labor-intensive efforts to collect paper-based documents that have been signed by students, parents, teachers, staff, bus drivers and others. Then schools will spend even more money on labor-intensive efforts to file the signed paper documents and ongoing efforts keeping track of who signed (or did not sign) with spreadsheets and home-grown databases.
Status quo training costs are also zapping bottom lines. If a school adds up all of the labor-intensive efforts, training documents, training facilities, trainer expenses, overtime, travel time, re-training sessions, spreadsheets and paper-based documentation of attendance and other costs, the numbers can be shocking. Unfortunately we human beings are not very good at remembering a lot of information delivered via a “fire hose” once or twice a year, which leads to mistakes, re-dos, fines, lawsuits and numerous other bottom line killers.
If you would like to see how your school can replace 20th century approaches that are killing your tight budget, click here to see how TIPS is equipping schools with 21st century tools to reduce and eliminate these costs.
No Comments
The Next Federal Investigation – Minnesota School District
Posted In Campus Safety, Education, Education, Legal, School Safety on July 20th, 2011 Tags: Anoka-Hennepin, bullying, Bullying Incident Report, bullying lawsuit, Cyberbullying, deliberate indifference, Harassment, Notre Dame, OCR Dear Colleague, Seth Walsh, Tehachapi Unified School District
In case you missed it, federal authorities are investigating “incidents involving harassment and bullying” in Minnesota’s largest school district.
The civil rights investigation is underway in Anoka-Hennepin, a suburban Minneapolis school district, and based on the seven-month “landmark federal investigation” that recently ended involving Tehachapi Unified School District in California, the Office of Civil Rights is serious about protecting the rights and safety of students.
School leaders at every school in the U.S. should be taking a serious look at their ability to prevent the preventable involving harassment, bullying, cyber bullying and other alarming trends in schools. School leaders should review their ability to prove they are following guidance outlined in the October 26, 2010 Office of Civil Rights Dear Colleague Letter (DCL), because recent resolution agreements make it clear the OCR is enforcing the DCL that was sent to K-12 schools and Higher Education institutions too. (A federal investigation was just completed at Notre Dame too)
One suicide is one too many! The federal investigations at Tehachapi and Notre Dame involved student suicides and at Anoka-Hennepin, there have been a string of 7 suicides in less than 2 years.
Now is the time to lead by example, not with words or new policies.
Now is the time to replace outdated status quo methodologies with 21st century platforms that empower schools (leaders, faculty, staff, students, parents, community members, etc.) to prevent the preventable.
Now is the time to start doing more than the minimum necessary.
Now is the time to start listening, investigating, intervening, preventing and making a difference.
To request Awareity’s 3 page Executive Briefing on the recent Landmark Investigation to share with your schools leaders and administrators, please visit: http://www.awareity.com/public/briefingrequest.asp
No Comments
Human Error Leads to 3rd Strike for Sony
Posted In Financial, Financial, Information Privacy, Information Security, Validations on May 25th, 2011 Tags: Application Security, human error, Playstation Breach, security awareness training, Sony
Strike 1: The first incident occurred on April 26th, when SONY announced personal information had been compromised on their PlayStation Network exposing the personal information of 77 million users.
Strike 2: One week later, a second security breach occurred on a different SONY network compromising 24.6 million users.
Strike 3: A third incident took place with the leakage of 2500 users’ names and addresses. SONY admitted that this breach was due to human error on the part of their system management team.
In a recent study from Application Security and Unisphere Research, more than 50% of the respondents felt that human error (or malicious insiders) were the biggest risks to an organization’s security. Two-thirds of organizations experiencing a data breach in 2011 have reported it was either from human error or an insider attack.
Lessons learned continue to show:
- It is critical for organizations to be more proactive and implement ongoing processes. Reacting to breach incidents is much more expensive than preventing breaches.
- Organizations must conduct periodic routine checks on their systems AND their people AND their third-parties.
- Organizations who are unable to measure situational awareness at the individual level will continue to suffer expensive breaches. All individuals need to understand their individual roles and responsibilities for protecting sensitive and personal information.
- Once-a-year general training is not enough as the risks and threats to our information are constantly evolving.
Sony struck out this month…is your organization going to bat with situational awareness and accountability and ready to adapt to pitches coming your way?
No Comments
How are Organizations Managing Policies Ongoing?
Posted In Business Continuity, Financial, Financial, Information Privacy, Validations on May 3rd, 2011 Tags: Accountability, auditability, OCEG, policy management, status quo
OCEG recently announced poll results from a One Minute Poll about Policy Management. In their poll, 429 members replied to the following question:
How do you primarily manage lifecycle of internal policies, procedures and guidelines?
- 32% use an internally developed database or intranet system
- 24% have no formal structure
- 18% use file folders or centralized network drive
- 14% use document or policy management software
- 8% track changes in Word
- 4% use other methods
Lessons learned: Bad guys already know what the results from this poll clearly reveal…People are an organization’s weakest links. As long as 86% or more of organizations continue to use status quo methods that provide little or no accountability and little or no auditability to ensure situational awareness at the individual level, organizations will be vulnerable to attacks, mistakes, lawsuits, fines and disconnects that have a negative (potentially significant) effect on their bottom line.
No Comments
2010 – Massive Security Breaches…Lessons Learned
Posted In Education, Financial, Government, Health Care, Research on May 3rd, 2011 Tags: Awareness Training, data breaches, Security Awareness, Social Engineering
Check out this recent overview of 10 of the largest data breaches from 2010 resulting in the loss of millions of data records.
Lessons Learned: Is your organization providing ongoing situational awareness training? People are the weak link for the majority of data breaches which are caused by human error, lost devices, social engineering attacks and numerous other poor decisions. It is critical for organizations to educate their employees (and third-parties) ongoing as risks, threats, requirements, and ’next’ practices are constantly changing. Lessons learned clearly reveal that once-a-year general training is not enough.
No Comments
The Payback of Compliance: Organizations Save When They Focus on Security
Posted In Financial, Information Security, Research on May 3rd, 2011 Tags: Compliance, Ponemon, Security
A review of security practices and investments at 46 global organizations finds that compliance with industry security standards actually saves money over the long-term. A recent Ponemon Study revealed that companies that consistently comply with security requirements and standards save three times more in security-related expenses annually than non-compliant companies.
Lessons Learned: Compliance does not equal security, but security can benefit from compliance. Organizations investing in comprehensive compliance programs are better prepared to prevent expensive breaches, lawsuits, fines, etc. and save money and resources over time.
No Comments
AML Fine Sends a Message to Banks
Posted In Financial, Regulatory Compliance, Risk Management on May 3rd, 2011 Tags: AML, Bank Secrecy Act, bank security, Pacific National
Miami-based Pacific National was fined a $7 million penalty for violations to the Bank Secrecy and USA Patriot acts.
Lessons Learned: Fines for gaps in AML practices are becoming more severe. Financial organizations must ensure they have the appropriate policies and procedures in place and ensure their people are aware and accountable for their decisions to meet ongoing compliance requirements. Organizations also need legal-ready and audit-ready documentation to avoid expensive fines, lawsuits, and embarrassing headlines.
No Comments
Ed. Dept. Isn’t Backing Down From Bullying Guidance
Posted In Campus Safety, Education, Education, Government, Incident Reporting, Regulatory Compliance, Research, School Safety, Validations on April 19th, 2011
The Department of Education and Office of Civil Rights sent out a “Dear Colleague” letter in October 2010 outlining schools’ responsibilities for being aware of, responding to and preventing future incidents of bullying, discrimination and harassment. In response to the National School Board Association’s letter questioning a school’s responsibilities, the Department of Education response clearly states it did not overreach in its original guidance to school officials— it only reiterated existing laws and policies and gave examples of how school districts can help combat bullying and harassment.
Lessons Learned: Schools have been put on notice and must develop comprehensive programs to respond to incidents of bullying and they must take actions to prevent future bullying incidents. Schools who fail to take appropriate actions risk losing educational funding and expensive lawsuits at a time when a funding cliff is looming large. Lessons learned also demonstrate that status quo approaches are not effective in preventing bullying so it will be critical for school boards and school leaders to implement more effective prevention and intervention programs immediately and document all incidents of bullying and harassment on an ongoing basis.
No Comments
HIPAA is Most Troublesome Compliance Regulation
Posted In Health Care, Regulatory Compliance, Research on April 19th, 2011 Tags: HIPAA
A recent survey revealed that HIPAA is the most challenging regulation to businesses today.
Lessons Learned: Regulatory requirements are updated regularly…Hackers, risks, threats, etc. are constantly changing. Staying up-to-date and within compliance is challenging, but critical. Organizations must ensure all employees (and third-parties) understand their responsibilities to protect sensitive information.
No Comments
