Lessons Learned from Joe Paterno and Penn State
Posted In Campus Safety, Incident Reporting, Legal, Risk Management, School Safety on January 23rd, 2012 Tags: Incident Reporting, joe paterno, Penn State
With the recent passing of football coach, Joe Paterno, Joe he can now rest in peace knowing he touched the lives of many as a coach at Penn State for 62 of his 85 years on this planet.
The horrific scandal at Penn State University will no doubt have an effect on the legacy of JoePa (his nickname suggesting his fatherly quality to his players and students too), some will judge JoePa based on what they know and others will judge JoePa based on what they don’t know.
For me, I would like to take this opportunity to recognize Joe Paterno for his foresight and humility to do an interview with the Washington Post before he passed away. You see this interview could and should become one of the most valuable lessons learned for college leaders and organizational leaders around the world. JoePa shared how he felt inadequate to handle the situation that was brought to his attention:
“I didn’t know exactly how to handle it and I was afraid to do something that might jeopardize what the university procedure was,” Paterno told the Washington Post in an interview published Saturday. “So I backed away and turned it over to some other people, people I thought would have a little more expertise than I did. It didn’t work out that way.”
“I called my superiors and I said, ‘hey, we got a problem I think. Would you guys look into it? Because I didn’t know, you know … I had never had to deal with something like that. And I didn’t feel adequate,”
http://www.cnn.com/2012/01/14/us/pennsylvania-paterno-interview/?hpt=us_c1
So what lessons learned did Joe Paterno’s interview provide?
First, if Joe Paterno worked at a college over 60 years and was not clear on university procedures and felt inadequate to do the right thing…how many people in your organization feel inadequate? Have you equipped everyone to do the right thing? This is a significant lesson learned that exposes how 20th century tools (binders, handbooks, annual training, intranets, etc.) can leave your people feeling inadequate and ill-equipped to do right thing as 21st century challenges, risks and situations are changing continuously and the consequences of not doing the right thing can be devastating.
Second, Joe Paterno also revealed in an interview: “In hindsight, I wish I had done more.”
College leaders, school leaders and organizational leaders must take immediate and proactive steps to equip their people with 21st century tools to ensure no one feels inadequate, but is equipped to take appropriate actions. No one wants the burden of wishing they had done more when it comes to helping a child, a friend, an employee or anyone in their community.
Click here to learn more about proven and award-winning 21st century tools.
No Comments
Email This Post
Alibis Don’t Save Lives or Prevent Bullying
Posted In Legal, Risk Management, School Safety on November 15th, 2011 Tags: Anti-Bullying, bullying prevention, New Jersey Bill of Rights, New Jersey Coalition for Bullying, Richard Bozza, Stuart Green
When it comes to anti-bullying efforts, most seem to be in agreement that we need to do something about bullying. It is everyone’s moral obligation to lookout for the safety of students and do the right thing. However, in New Jersey, there is a debate on new legislation and school requirements.
On November 1, 2011, the Executive Director at New Jersey Association of School Administrators, Mr. Richard Bozza, submitted an ‘Opinion’ piece discussing the New Jersey Anti-Bullying Bill of Rights that started by saying, “THERE’S NO question about it. We need to do something about bullying.”
Mr. Bozza’s opinion also stated the unfunded mandate requires schools to meet a long list of requirements. Mr. Bozza’s opinion referenced several concerns with implementing the law including an 18-page compliance checklist, paperwork, reviews and legal expenses.
On November 8, 2011, Mr. Stuart Green from the New Jersey Coalition for Bullying submitted his counter ‘Opinion’ saying. “Addressing bullying is not a matter of money. It is a moral obligation.”
WE NEED TO DO SOMETHING ABOUT BULLYING…SO WHAT IS THE SOLUTION?
The solution begins with equipping everyone with the right tools they need to prevent bullying. Schools need innovative tools and platforms that replace inefficient, ineffective and expensive status quo approaches that Mr. Bozza describes.
For example, traditional training approaches are expensive and time consuming. However, innovative web-based tools cost MANY TIMES LESS than the expenses schools are incurring with paper handouts, trainers, facilities, overtime and lost productivity costs.
Yes, paperwork costs are expensive, so why are schools creating more paperwork these days?? Innovative platforms eliminate paperwork and improve efficiencies and improve results.
Yes, legal fees are expensive, but anti-bullying policies are needed with or without the law, so WHY wouldn’t the New Jersey Association of School Administrators provide templates with customization guidance to their members??
Delays from scheduled school vacations, staff vacations and police involvement…once again the status quo approaches Mr. Bozza refers to are inefficient, ineffective and expensive. Innovative tools empower School Safety Team members to securely login from anywhere and review incidents as needed without delays. Innovative tools enable School Safety Teams to easily document actions, investigations, prevention efforts, follow up efforts and review previous incidents saving tremendous amounts of time, resources and money compared to traditional approaches.
The steps in the 18-page checklist Mr. Bozza mentions should already be taking place in schools, however an innovative platform of tools can equip school personnel to save time, money and resources.
The bottom line is that schools are spending too much time, resources and money on traditional approaches that lessons learned clearly show are not working. Schools can both reduce their costs and “do something about bullying”. I expect more from leaders, because alibis do not save lives…or money.
No Comments
Email This Post
Campus Disconnects – A Lack of Reporting in Higher Education
Posted In Campus Safety, Incident Reporting, Risk Management, School Safety on November 10th, 2011 Tags: behavioral intervention teams, campus threat assessment, Clery Act, Ernesto Bustamante, Incident Reporting, Penn State, University of Idaho
Two high profile incidents this week revealed that despite updates to the Clery Act and Title IX requirements, campuses continue to struggle to proactively identify warning signs and red flags and gather information and reports from their people (students, staff, faculty, law enforcement, counselors, etc.).
Penn State – Lawmakers are investigating whether Penn State violated the Clery Act when it did not report child sexual abuse allegations regarding a former football coach to the proper authorities. Several coaches were aware of the allegations, but did not report to the police.
University of Idaho - University of Idaho officials say at least one police officer knew of alleged gun threats against a graduate student before she was shot and killed by a professor she had been dating. The student had complained to the university in June that professor Ernesto Bustamante had threatened her with a firearm three separate times during the relationship.
It is critical for institutions to connect the dots across all individuals and threat team members (students, staff, faculty, counselors, law enforcement, parents, etc.) ongoing and ensure that all threats, risks, warning signs, etc. are reported to the appropriate personnel and investigated thoroughly to determine the appropriate level of response. Too many times, we see after the fact the warning flags and reports that existed, but that were not connected.
Comprehensive threat assessment and behavioral intervention programs need to extend across the entire campus community (faculty and staff, as well as students). If TAT/BIT teams can be notified immediately at the first sign of violence, aggression, threat, etc., and have the tools necessary to connect the dots across campuses, locations, departments, etc., many of these tragedies may be able to be prevented.
I think one of the biggest challenges that may have been a factor in each of these incidents is a lack of clear procedure and policy on reporting incidents. Higher education institutions must clearly define individual responsibilities for reporting illegal activities, suspicious behaviors, red flags, threats, etc. and ensure that all individuals involved understand their roles and requirements (and the consequences for a failure to report).
To learn more about how your institution can help your campus community come together and develop a culture of prevention, please click here.
No Comments
Email This Post
Patching User Risks in the 21st Century
Posted In Information Security, Risk Management on August 9th, 2011 Tags: Risk Management, Security Awareness
I saw a discussion last week that was asking for input on ways to reduce employee risk. Most of the responses offered a technology solution…which is interesting considering most studies and trends show employee risks and weaknesses are getting worse and more alarming even though organizations have spent thousands, millions and billions on technology solutions. Does this seem weird to you?
One of the responses from one of the participants caught my attention when they said “it is difficult to patch a user”.
Interesting comment and I responded by saying it is NOT THAT DIFFICULT to patch users/employees….IF you are using the right resources.
For example, you wouldn’t get very good results trying to watch HDTV (21st century) on a black and white analog TV (20th century). Like the TV analogy, organizations are not getting good results trying to “patch their users” using 20th century resources.
Organizations can “patch and validate” a user’s awareness, ensure a user’s accountability and help user’s with adaptability…but this cannot be accomplished using 20th century user solutions like binders, intranets, shared drives, memos, e-mails, spreadsheets, once-a-year general training, etc.
Numerous studies involving hundreds and hundreds of lessons learned and incidents clearly reveal that 20th century user approaches are inefficient and ineffective, period.
As a matter of fact, most organizations are wasting lots of time, lots of money and lots of valuable resources trying to make these old 20th century resources address user/employee risks.
Did you know proven 21st century resources actually exist for “patching users” with situational awareness, accountability, adaptability, measurability, auditability and more?
With the right user/employee focused resources, organizations can help and ensure all appropriate users understand why, how, when, what, what happens if I do, etc. Organizations can also reduce their costs, improve their results and ensure adaptability in a continuously changing world.
Attention all organizational leaders…this is a lesson learned and a valuable tip you should look into!
No Comments
Email This Post
Human Error Leads to 3rd Strike for Sony
Posted In Financial, Information Privacy, Information Security, Risk Management, Validations on May 25th, 2011 Tags: Application Security, human error, Playstation Breach, security awareness training, Sony
Strike 1: The first incident occurred on April 26th, when SONY announced personal information had been compromised on their PlayStation Network exposing the personal information of 77 million users.
Strike 2: One week later, a second security breach occurred on a different SONY network compromising 24.6 million users.
Strike 3: A third incident took place with the leakage of 2500 users’ names and addresses. SONY admitted that this breach was due to human error on the part of their system management team.
In a recent study from Application Security and Unisphere Research, more than 50% of the respondents felt that human error (or malicious insiders) were the biggest risks to an organization’s security. Two-thirds of organizations experiencing a data breach in 2011 have reported it was either from human error or an insider attack.
Lessons learned continue to show:
- It is critical for organizations to be more proactive and implement ongoing processes. Reacting to breach incidents is much more expensive than preventing breaches.
- Organizations must conduct periodic routine checks on their systems AND their people AND their third-parties.
- Organizations who are unable to measure situational awareness at the individual level will continue to suffer expensive breaches. All individuals need to understand their individual roles and responsibilities for protecting sensitive and personal information.
- Once-a-year general training is not enough as the risks and threats to our information are constantly evolving.
Sony struck out this month…is your organization going to bat with situational awareness and accountability and ready to adapt to pitches coming your way?
No Comments
Email This Post
Upcoming Webinar – Campus Aggression Prevention System (CAPS) Live Demonstration
Posted In Campus Safety, Emergency Management, Risk Management, School Safety, Workplace Violence on May 11th, 2011 Tags: Active Shooter, behavioral intervention team, Campus Aggression Prevention System, Campus Safety, student safety, threat assessment
Recently, a prominent University President shared that his biggest nightmare was waking up to hear there was an active-shooting on his campus. This, he said, is what kept him up late at night! We believe this is a nightmare shared by many school administrators, and can’t imagine what could possibly be worse.
Do you have a reliable method of “preventing” multiple threats of violence on your campus? Crisis (Emergency) Management is reacting to an incident that already took place, not preventing incidents from happening. Aberrant behavior, misconduct and mental illness do not provide reliable precursors to identify the next school shooter. Only when you can foresee the precursors to “emerging aggression” can you, with any reliability, get out in front of and prevent a school shooting, or any act of assaultive or violent behavior. For the first time, we will show you how your campus can reliably prevent aggressive, assaultive, and/or violent behavior. Imagine being able to empirically declare your institution safer before the next school year begins.
Lessons learned continue to demonstrate campuses must find better ways to deal with at-risk individuals, aggression, bullying, mental health challenges, violence, suicides and murders because the tragedies we continue to see are real…and almost all are PREVENTABLE.
Awareity and the Center for Aggression Management have partnered to bring you the CAPS (Campus Aggression Prevention System). Join John Byrnes from the Center for Aggression Management and Rick Shaw and Katie Johnson of Awareity as they demonstrate live how your campus can improve safety and security on campus and provide your students, parents, faculty and staff with peace of mind.
Live webinar: Campus Aggression Prevention System (CAPS) Demonstration
When: May 19, 2011, 12:00 PM EST
Register now
When: May 24, 2011, 4:00 PM EST
Register now
You will learn how to:
- Apply the Campus Aggression Prevention System in an effective and defensible manner
- Receive anonymous/confidential reports from students, faculty, staff, parents, etc.
- Identify behaviors, red flags and warning signs and take preventative actions
- Train your prevention/safety teams and faculty to measure aggression in at-risk individuals
- Determine the overall presumption of risk and what actions can be taken to maximize results
- Connect the dots to ensure at-risk individuals do not fall through the cracks
- Improve collaboration between counselors, administrators, law enforcement, teams, etc.
- Track and document all actions taken for legal due diligence and ongoing risk metrics
- Prevent lawsuits and maintain ongoing compliance with OCR, federal and state requirements
- Significantly reduce administrative, personnel costs and ongoing awareness and training costs
- Make your campus empirically safer and enhance student achievement/learning climate
This webinar has limited seating and will fill up quickly, so register early to ensure your seat.
No Comments
Email This Post
Consumer Awareness/Education…Potential Competitive Advantage for Banks?
Posted In Financial, Information Privacy, Information Security, Risk Management, Validations on May 3rd, 2011 Tags: consumer awareness training, Phishing, Security Awareness, spear phishing
Recent attacks continue to show that spear phishing is quickly emerging as one of the society’s greatest threats. Technology alone is NOT going to solve this problem. It is critical for consumers to be more vigilant and aware of what they are clicking on, sites they are visiting, e-mails they are responding to, etc.
Lessons Learned: Financial insitutions should make consumer education a higher priority. Awareness training, handouts, seminars, etc. can be a great way for organizations to connect with their customers, improve trust, enhance reputations and help prevent potential incidents, breaches, lawsuits, etc. down the road. Security awareness training and education can become a competitive advantage for those institutions willing to lead the way.
No Comments
Email This Post
Alarming School Survey: “Thou Shall Not Snitch”
Posted In Education, Incident Reporting, Risk Management, School Safety, Validations on May 3rd, 2011 Tags: anonymous incident reporting, bullying, School Safety
What does recent school survey reveal about ‘thou shall not snitch’ culture? Can schools take advantage of real life situations to create a culture of preparedness, safety and prevention?
The responses to this survey at H.D. Woodson High School reveal opportunities for schools to open the lines of communication, but only if school leaders understand how to relate to students and how to build trust with students.
Lessons Learned: Status quo responses to a survey, status quo comments from adults and status quo news articles validate how status quo approaches are not going to solve the problems and new challenges schools and communities face in the real and changing world we all live in. A huge opportunity exists for visionary school leaders to make a difference by asking better questions that help to connect the dots and strengthen our weakest links.
No Comments
Email This Post
‘Tricked’ RSA Worker Opened Backdoor to APT Attack
Posted In Financial, Information Privacy, Information Security, Risk Management, Validations on May 3rd, 2011 Tags: Human Factors, Phishing, RSA, RSA breach, Security Awareness
A targeted phishing e-mail with the subject line “2011 Recruitment Plan” tricked an RSA employee to open a document attached to an e-mail. The document contained a virus that led to a sophisticated attack on RSA’s information systems.
Lessons Learned: Are your employees aware of changing and more sophisticated risks? Does your organization update employees with situational awareness as more and more attacks target your employees? All employees must understand their individual roles and responsibilities for protecting sensitive information. Organizations need to implement comprehensive and ongoing awareness programs to ensure all individuals understand changing risks, threats, best practices, etc.
No Comments
Email This Post
Compliance and Ongoing Audits Save Money…
Posted In Regulatory Compliance, Risk Management on March 11th, 2011 Tags: audit preparation, Compliance, internal audit, Larry Ponemon, Ponemon Institute
A new study by the Ponemon Institute shows organizations that perform internal audits spent less per capita on compliance than those that didn’t perform internal audits.
Larry Ponemon is chairman of the Ponemon Institute and he commented: “I believe that the reason why internal audits reduce compliance cost is that they help prioritize the organization’s overall compliance efforts. This leads to greater efficiency in managing the total compliance burden. In other words, companies that do not conduct audits appear to be less efficient in their ongoing program management of data protection and privacy efforts.”
From my experiences and from lessons learned I agree that “ongoing program management and ongoing internal audits” are crucial to an organization’s bottom line and important to keep up with constant changes, new regulations, new risks, higher scrutiny in audits and mounting lawsuits.
But…is a binder full of policies ongoing? Nope. Is an electronic intranet or shared server full of policies ongoing? Nope. Is having your people go through online general training once-a-year ongoing? Nope.
What if your people were reviewing your policies, procedures, risks, expenses and efficiencies on an ongoing basis and had the ability to anonymously offer their feedback and report incidents on an ongoing basis?
This study reveals the obvious (including potential for cost savings), so hopefully organizational leaders are paying attention and will become more open to transforming their outdated and status quo ways of compliance and risk management sooner than later.
No Comments
Email This Post
