It is imperative that all Penn employees take appropriate steps to protect Penn’s computing infrastructure, user accounts, and data. As a follow-up to the ISC Information Security Essentials Online Training, this tip sheet provides the top ten steps you can take to protect your personal information and the university’s technology assets.

 

  • Don’t click on links in unexpected or untrusted emails. An email from someone you don’t know or don’t expect to receive a message from prompting you to take an urgent action is most likely a phishing scam.




  • Browse trusted websites for business purposes only. Avoid clicking on ads or pop-up windows when browsing. Never allow you browser or a website to remember your password.



  • Don’t store Penn data on an unencrypted personal device such as a laptop or tablet. If you are not sure where to store data and sensitive files, contact ITS for assistance.


  • Report a lost or stolen Penn computer or mobile device to the ITS team as soon as possible – don’t delay.


  • Don’t use untrusted flash/portable media. Never use flash drives given out at conventions or provided by salespeople.


  • Use special care when handling or storing regulated data, such as student information, social security numbers, credit cards and health data.


  • Never share your password – with anyone. REMEMBER: ITS will never ask for your PennKey password.


Receive a suspicious email, or just aren’t sure if an email you received is a potential phishing attempt? Contact the ITS helpline at x8-HLPU.