Welcome to Penn! As a Penn employee, you have access to Penn computing and data. Some of the data you may handle is sensitive information. Penn takes various measures to secure its data, and we depend on you to do the same. Follow these three steps to protect Penn’s confidential information and the University computing assets:
Two-Step Verification provides an added layer of protection when accessing PennKey-protected websites and applications. Step 1 is your PennKey and password, and Step 2 is using a mobile application (DUO) or a fob.
- For more information on Two-Step, visit https://www.isc.upenn.edu/two-step-verification.
- To enroll in Two-Step, visit: https://twostep.apps.upenn.edu.
Social Engineering refers to techniques used by malicious individuals who manipulate users into sharing confidential information. Phishing emails are just one of several social engineering techniques used by hackers and criminals to exploit people’s inclination to trust. Learn more about phishing scams and social engineering at https://almanac.upenn.edu/volume-64-number-6#one-step-ahead-social-engineering.
It is important that you understand the type of data you handle and how you can protect it. Penn classified its data into three categories, High, Moderate and Low, based on the level of data sensitivity, government regulations, and the University policies. To protect Penn’s data:
- Use strong passwords for your PennKey and email client.
- Store data in a secure location, e.g. Box. Contact your Local Support Provider (LSP) for information on where to store sensitive data at your school.
- Use Secure Share to exchange sensitive data securely.
- Adhere to the University Computing Policies and Guidelines.