ITS Online»Antivirus & Data Security»Security Overview

Security Overview

This page is a list of policies and resources on security and privacy at Penn. Included below is information on computing risks and responsibilities for Penn Law faculty and staff.

On this page

General Information about Security & Privacy at Penn

Here are the main security and privacy links for Penn. We recommend you read these sites to learn more about computing safety and security.

Reporting Computer or Offline Security Incidents: Under Penn’s Incident Response Policy, faculty, staff, and students using Penn systems are required to report any suspected or confirmed computer security incident. Please contact or (215) 898-9140image to report an incident.

Confidential Data & Student Records

Please visit our Student Data & FERPA page for more information.

File Sharing Responsibilities

  • Share sensitive data only via G: drive, SharePoint or SecureShare.
  • Share non-sensitive data via SendFile.
  • Contact ITSHelp if you need to share sensitive data with external, non-PennKey recipients.

Remote Computing Responsibilities

Staff and Faculty who connect to Penn Law servers or access data remotely have special responsibilities. Anyone who uses a remote system to access sensitive data or to access their office computer via Remote Desktop must certify their system (see below links). We recommend all home computers that connect to Law School servers be certified and have encrypted hard drives.

Please make sure you follow the follow best practices for remote computing. The below links provide more information about how to certify your computer and other tips for secure computing.

  • Don’t use email to transport sensitive data.
  • Don’t store sensitive data on your personal or any remote device, including USB Keys or PDAs.
  • All Penn data should be stored on the server because it is backed-up and monitored for security.
  • Any locally stored data should use encrypted hard drives.
  • Use your department’s SharePoint Only site to access data remotely.
  • Use strong, complex passwords and password-protected screensaver.
  • Don’t save passwords.
  • Logoff of password protected websites and close all open browser windows when you’re done.
  • Avoid the use of free wireless access points, kiosk computers, or computer workstations in public places (e.g., Internet cafes). Never use them to login to Remote Desktop or to access systems which contain sensitive data.
  • Consider changing your passwords if you have used a public computer or one which you do not know is secure.
  • Your PDA must have a strong password and be able to be remotely wiped if you are using it to access Penn data. 
Personal Computer Certification:
Other Links:


Computing Policies at Penn



Latest Tips

  • Image preview
    The Center for Computer Assisted Legal Instruction, also known as CALI, provides online interactive tutorials on various legal subjects.  Tutorials are authored by law faculty and peer reviewed by a member of the CALI Editorial Board.  Here is information on how to create an account and access the materials.
  • Image preview
    New password rules that make it easier to create a secure password, encouraging users to “combine four or more unrelated words” to create a strong password that is easy to remember.


Security & Privacy Tips

  • Image preview
    Apple has released updates to address multiple vulnerabilities that have been discovered in Apple’s OS X, Safari, iOS, and Xcode products that could allow remote code execution.
  • Image preview
    Read these important tips to protect your personal information, data and devices.
  • Image preview
    Before the semester begins, it’s important to make sure your laptop is secure and up to date by configuring automatic software updates and installing antivirus software (which the University provides).
  • Image preview
    Documents often contain hidden data and personal information that could be harmful to the author if distributed.  Here are instructions on how to remove hidden data and personal information from documents, spreadsheets, and presentations.
  • Image preview
    ITS will be working with each department to locate and either delete or secure sensitive data on staff PCs and network drives.  The program also involves removing old and large files from the U and G Drives, as well as cleaning up email and reviewing archive policies.