As a Penn employee, you have access to Penn computing and data. Some of the data you may handle is sensitive information. Penn takes various measures to secure its data, and we depend on you to do the same.
Welcome to Penn!
Three steps to protect Penn's Confidential information and computing assets
Enroll in Two-Step Verification
Two-Step Verification provides an added layer of protection when accessing PennKey-protected websites and applications. Step 1 is your PennKey and password, and Step 2 is using a mobile application (DUO) or a fob.
- For more information on Two-Step, visit https://isc.upenn.edu/pennkey/twostep
Be aware of Social Engineering
Social Engineering refers to techniques used by malicious individuals who manipulate users into sharing confidential information. Phishing emails are just one of several social engineering techniques used by hackers and criminals to exploit people’s inclination to trust. Learn more about phishing scams and social engineering at https://almanac.upenn.edu/volume-64-number-6#one-step-ahead-social-engineering.
Understand Penn's Data Risk Classification
It is important that you understand the type of data you handle and how you can protect it. Penn classified its data into three categories, High, Moderate and Low, based on the level of data sensitivity, government regulations, and the University policies. To protect Penn’s data:
- Use strong passwords for your PennKey and email client.
- Store data in a secure location, e.g. Box. Contact your Local Support Provider (LSP) for information on where to store sensitive data at your school.
- Use Secure Share to exchange sensitive data securely.
- Adhere to the University Computing Policies and Guidelines.