Security Overview
This page is a list of policies and resources on security and privacy at Penn. Included below is information on computing risks and responsibilities for Penn Carey Law faculty and staff.
General Information about Security & Privacy at Penn
Here are the main security and privacy links for Penn including policies and guidelines. We recommend you read these sites to learn more about computing safety and security.
- Privacy Website
- Computing Policies and Guidelines
- Policy on Acceptable Use of Electronic Resources
- Principles of Responsible Conduct
- Penn Information Security Website
- Privacy in the Electronic Environment
- Online Security and Privacy Training
- Disposition of Documents and Data of Faculty/Staff Leaving Penn
- Penn Data Risk Classification
Reporting Computer or Offline Security Incidents: Under Penn’s Incident Response Policy, faculty, staff, and students using Penn systems are required to report any suspected or confirmed computer security incident. Please contact itshelp@law.upenn.edu or (215) 898-9140 to report an incident.
Confidential Data & Student Records
- Handling Student Data FAQs: Frequently asked questions on rules and laws governing student data.
- Keeping Penn Data Safe and Private: Overview of what types of data are considered confidential and general guidance.
Working with Penn Data
Staff and Faculty who connect to Penn Carey Law servers or access data have special responsibilities.
Please make sure you follow these best practices for secure computing, including:
- Don’t use email to send sensitive data.
- Use OneDrive, SharePoint and Penn+Box to store data. Only sync when needed.
- Use SecureShare to share highly sensitive data with Penn colleagues.
- Keep only information you need - digital cleanup.
- Use your Law School issued computer when working with Penn Carey Law data/applications - not a personal computer.
Computing Responsibilities
- Report your system if lost or stolen: both mobiles and Windows computers allow remote data deletion.
- All mobile devices (including laptops) need to be encrypted.
- Use strong, complex passwords and store them using Dashlane.
- Multifactor authentication is required for both PennKey and LawKey.
- We also strongly recommend using multifactor authentication for any/all non-Penn systems.
- Use a device PIN or password-protected screensaver.
- Keep antivirus up to date (for personal devices, install Sophos).
Best Practices
- Don’t save passwords.
- Log off of password-protected websites when done.
- Don’t use untrusted computers (public kiosks/Internet cafes) or free wireless access points to access sensitive data or Penn systems. Change your password if you have used an untrusted computer or Wi-Fi.
More Info:
- Cybersecurity Awareness Video: ITS presentation on best practices to avoid phishing scams, PennKey two-step verification, and Dashlane password management.
- Best Practices for Foreign Travel
- Penn Libraries guide on reputation management
- See if your passwords have been hacked
- Microsoft: 10 Laws of Security