Security Overview
This page is a list of policies and resources on security and privacy at Penn. Included below is information on computing risks and responsibilities for Penn Law faculty and staff.
On this page
- General Information about Security & Privacy at Penn
- Confidential Data & Student Records
- Working with Penn Data
- Computing Responsibilities
- Best Practices
- Penn Policies
General Information about Security & Privacy at Penn
Here are the main security and privacy links for Penn. We recommend you read these sites to learn more about computing safety and security.
- Privacy Website
- Penn Information Security Website
- Privacy in the Electronic Environment
- Online Security and Privacy Training
- Staff Confidentiality Statement
- Disposition of Documents and Data of Faculty/Staff Leaving Penn
Reporting Computer or Offline Security Incidents: Under Penn’s Incident Response Policy, faculty, staff, and students using Penn systems are required to report any suspected or confirmed computer security incident. Please contact itshelp@law.upenn.edu or (215) 898-9140 to report an incident.
Confidential Data & Student Records
Please visit our Student Data & FERPA page for more information.
Working with Penn Data
Staff and Faculty who connect to Penn Law servers or access data have special responsibilities.
Please make sure you follow these best practices for secure computing, including:
- Don’t use email to send sensitive data.
- Use OneDrive, SharePoint and Penn+Box to store data. Only sync when needed.
- Use SecureShare to share highly sensitive data with Penn colleagues.
- Keep only information you need - digital cleanup.
Computing Responsibilities
- Report your system if lost or stolen: both mobiles and Windows 10 computers allow remote data deletion.
- All mobile devices (including laptops) need to be encrypted.
- Use strong, complex passwords and store them using LastPass.
- Use multifactor authentication when possible: PennKey, LawKey, or non-Penn systems.
- Use a device PIN or password-protected screensaver.
- Keep antivirus up to date (for personal devices, install Symantec).
- Upgrade to Windows 10 and Office 365 (or current MacOS).
Best Practices
- Don’t save passwords.
- Log off of password-protected websites when done.
- Don’t use untrusted computers (public kiosks/Internet cafes) or free wireless access points to access sensitive data or Penn systems. Change your password if you have used an untrusted computer or Wi-Fi.
More Info:
- Cybersecurity Awareness Video: ITS presentation on best practices to avoid phishing scams, PennKey two-step verification, and LastPass password management.
- Top 10 Security Tips for Smartphones & Tablets
- Best Practices for Foreign Travel
- Facebook Guidelines from Penn Privacy
- Desktop Security 101
Reputation Management resources:
- Penn Libraries guide
- Research your data footprint
- See if your passwords have been hacked
- How to opt-out of various services
- Me and My Shadow
- Social media action plans:
Penn Policies
- Policy on Acceptable Use of Electronic Resources: Revealing passwords or otherwise permitting the use by others (by intent or negligence) of personal accounts for computer and network access is prohibited.
- Policy on Server-Managed Personal Digital Assistants (PDAs): Requires passcodes, device encryption and remote data wipe in case of loss/theft.
- Mobile Device Encryption Policy: Requires device encryption for laptops/mobiles, centralized recovery key storage and auditing of encryption status in case of loss/theft.
- Host Security Policy: Requirements for strong Windows passwords, automatic patching and updates for Windows, and antivirus program.
- Principles of Responsible Conduct
- Penn Computing Policies and Guidelines
- Incident Response Policy