At EDUCAUSE13’s opening general session, Sir Ken Robinson dropped many a funny line and entertaining anecdote—all while delivering a very direct message about how things have changed in our world due to our adoption and embrace of technology. One line stuck with me—“I haven’t got all minute!”—delivered to emphasize that technology has changed our level of expectation for how quickly we can find information or do other things that used to take much longer. We get a serious case of agita if we have to wait for a 10-count.
Here is yet another “special snowflake” motivator. How many times have we heard (or said, or thought): “It’s the 21st century, for Pete’s sake . . . why am I still filling out a paper form?” That’s so Flintstones in a Jetsons world. Thus, to keep our “customers” happy, those of us in higher education automate everything. Down to the tiniest inconvenience, we put an online transaction in place, preferably enabled to mobile devices. After all, we don’t want to be viewed as Luddites.
And then this happens. And this. And this.
I’ll give you the Reader’s Digest version: Hackers send phishing e-mails to college/university employees, directing them—for whatever reason seems believable—to log in to their institutional accounts. Some employees do so, despite all the “October Is Security Month” warnings from their campus IT organizations, and the hackers thus get the hoped-for log-in credentials. The hackers then log in and use the highly convenient online form to redirect payroll direct deposit to their bank accounts. After the campus payroll is run and the money is clearly in the hackers’ accounts, the hackers withdraw the money, close the accounts, and poof!: the money is gone, just like Keyser Soze from The Usual Suspects.
When I first heard about this scam, I talked with my CISO (you know, the guy who watches me while I sleep) and asked the obvious CIO question: “Did this (could this) ever happen here?” He reassured me that it had not and that it could not. Why not? Because our archaic (for another two months) financial system did not have an online transaction for direct deposit updates; employees had to make such updates via a paper form, processed hand-to-hand-to-hand all the way through to the state payroll entity.
How quaint. How last century. How out of touch with consumer wants. And how completely immune to online miscreants.
I asked a good friend of mine and CIO colleague the following question: “How many times a year do you suppose one of your institution’s 4,000 employees needs to change his/her direct deposit account?” He thought for a moment and said: “Oh, probably not many times. Maybe a hundred, no more than two hundred.” He went on to tell me that he had heard the scam had been a major disruption on some campuses and had caused not only a significant amount of grief for those affected but also hard feelings toward the IT organization and the campus administration.
All of this occurs in the name of 21st-century convenience, because after all, we haven’t got the time to wait for a manual transaction to complete, and because after all, this is the 21st century—the age of Amazon, Google, and Netflix. We expect something to happen moments after we think about it.
Recently, some colleagues and I talked about the need to offer mobile apps for most or all of the financial transactions we provide at our institution. My colleagues stated that this is how people expect and want things to be done now. My counterpoint? Given that these things happen so infrequently, why should we make investments in this level of access/automation when there are plenty of other IT investments needed in higher education?
Paraphrasing Dr. Ian Malcolm from Jurassic Park, I would argue that perhaps we have become so preoccupied with whether we can do something (is there an app for that?) that we don’t stop to think if we should do something. Do we really need to automate activities that occur rarely (or even periodically) just because we can and just because people will think we’re old-fashioned if we don’t?
How do we balance the satisfaction of a quick-and-easy transaction via our smartphone with the potential for the miscreant activity that comes with that speed and ease? Thoughtfully. Maybe we do have all minute.