This page is a list of policies and resources on security and privacy at Penn. Included below is information on computing risks and responsibilities for Penn Law faculty and staff.
General Information about Security and Privacy at Penn
On this page
Here are the main security and privacy links for Penn. We recommend you read these sites to learn more about computing safety and security.
- Privacy Website
- Penn Information Security Website
- Information Security Brochure
- Privacy in the Electronic Environment
- One Step Ahead: Almanac Security Tips
- Online Security and Privacy Training
- Staff Confidentiality Statement
Reporting Computer or Offline Security Incidents: Under Penn’s Incident Response Policy, faculty, staff, and students using Penn systems are required to report any suspected or confirmed computer security incident. Please contact firstname.lastname@example.org or (215) 898-9140 to report an incident.
Confidential Data and Student Records
Please visit our Student Data & FERPA page for more information.
File Sharing Responsibilities
- Share sensitive data only via G: drive, SharePoint or SecureShare.
- Share non-sensitive data via SendFile.
- Contact ITSHelp if you need to share sensitive data with external, non-PennKey recipients.
Remote Computing Responsibilities
Staff and Faculty who connect to Penn Law servers or access data remotely have special responsibilities. Anyone who uses a remote system to access sensitive data or to access their office computer via Remote Desktop must certify their system (see below links). We recommend all home computers that connect to Law School servers be certified and have encrypted hard drives.
Please make sure you follow the follow best practices for remote computing. The below links provide more information about how to certify your computer and other tips for secure computing.
- Don’t use email to transport sensitive data.
- Don’t store sensitive data on your personal or any remote device, including USB Keys or PDAs.
- All Penn data should be stored on the server because it is backed-up and monitored for security.
- Any locally stored data should use encrypted hard drives.
- Use your department’s SharePoint Only site to access data remotely.
- Use strong, complex passwords and password-protected screensaver.
- Don’t save passwords.
- Logoff of password protected websites and close all open browser windows when you’re done.
- Avoid the use of free wireless access points, kiosk computers, or computer workstations in public places (e.g., Internet cafes). Never use them to login to Remote Desktop or to access systems which contain sensitive data.
- Consider changing your passwords if you have used a public computer or one which you do not know is secure.
- Your PDA must have a strong password and be able to be remotely wiped if you are using it to access Penn data.
Personal Computer Certification
Computing Policies at Penn
Acceptable Use Policy
Revealing passwords or otherwise permitting the use by others (by intent or negligence) of personal accounts for computer and network access is prohibited.
Host Security Policy
Requirements for strong Windows passwords, automatic patching and updates for Windows, and antivirus program.
- Principles of Responsible Conduct
- Penn Computing Policies and Guidelines
- Penn Policy #1: Adherence to University Policy
- Incident Response Policy
Security & Privacy Tips
Apple has recently released an update to address an important security issue in OS X 10.9 Mavericks. Please backup your computer and update to 10.9.2 as soon as possible.
In support of National Cyber Security Awareness Month, this tip will focus on physical security of desktops and laptops. Physical security of a computer is an often overlooked component of computer security. You can use the information in this tip to lock your computer quickly before you walk away from your desktop or laptop.
A recent industry report shows that 44% of Android users are still using versions 2.3.3 through 2.3.7 (also known as Gingerbread). Gingerbread was released in 2011 and is now subject to a number of security vulnerabilities.
Does an email containing a link seem suspicious? You can check the link’s destination without actually following it by hovering over the link.
Many cloud-based services have access to our personal information. Therefore, it is important to protect these accounts with unique, secure passwords. Here are some tips to help you create secure passwords that are easy to remember.