• Services
  • Email Services
  • Desktop Support
  • Pennkey Support
  • Air PennNet Support
  • Information Security
  • Web Development
  • Systems Administration
  • IT Recycling
  • Desktop Back up Service
• Supported Products
  • Hardware
  • Software
  • Smartphones
  • Network Access
• LSP Tools
• Request Support
• Contact Us
• Search
• Home

SOMIS News & Updates:

• Zimbra users may use the webmail site (Zimbra - log in with your PennKey) with full functionality. We expect to have restored all clients including mobile phones by tomorrow morning.
• Many machines at the School of Medicine have been compromised by a new type of virus that presents itself as an actual anti-virus product while a user is browsing the internet. If you experience anything remotely similar to this virus description, or are concerned about any suspicious activity on your computer, please contact your LSP immediately. For more information, please visit the following link.
• Zimbra users are reporting an increase in spear-phishing attempts. Penn computer administrators will NEVER ask you for your password at any time via any medium. For more information about phishing, please see the following link.

Home > Services > Information Security > User Responsibilities

User Responsibilities

• Network Access
• Passwords
• Sensitive Data
  • Transmitting Sensitive Data
  • Mobile Devices
  • Home computers
  • Secure Data Deletion
• Software Licenses
• Read the University's Acceptable Use Policy in full

 

Network Access

University systems and data are for use only by the individual granted access. Shared access is strictly prohibited.

 

Passwords

User accounts on both Windows and Macintosh computers MUST be protected with passwords.

Avoid storing cleartext passwords and unencrypted private keys.

Avoid scripting IDs and passwords.

Disable auto-complete logins on your web browser.

SOMIS Passwords Recommendations:

• At least 8 characters long
• Use both upper and lower case letters
• Should include a mix of alphabetic, numeric, and special characters
• Avoid using words directly derived from any language

 

Sensitive Data

As a user it is your responsibility to know if your computer has Sensitive or Confidential Data stored on it.

If it does, you must take the necessary steps to ensure its protection, for example, installing PGP Whole Disk Encryption.

 

Transmitting Sensitive Data

It is your responsibility to take the necessary precautions when transmitting any data that is considered Sensitive or Confidential in nature.

E-mail is NOT a secure means of transmission. NEVER send sensitive data through e-mail. Whether it is contained in the message or as an attachment, such information is at great risk to be intercepted.

Consider using Secure Share, a web-based application for secure file exchange available to Penn faculty and staff.

 

Mobile Devices

It is highly recommended that all mobile devices have anti-theft / recovery software installed.

See our Laptop Security page for more information about getting ComputracePlus for your device.

 

Home Computers

Avoid using insecure home computers to gain remote access to confidential University data, especially if that computer is shared with others.

If you have an absolute need to access sensitive data from your home, speak with your LSP about taking the necessary steps to encrypt and protect that data.

 

Secure Data Deletion

When data are no longer necessary for educational, research, service or operational needs they should be securely deleted as soon as possible.

Methods of Secure Deletion include:

• PGP Shred function (WINDOWS & MAC)
• Heidi Eraser (WINDOWS)
• Finder: Secure Empty Trash (MAC)
• Disk Utility (MAC)

Contact your LSP for assistance with secure data deletion.

 

Software Licenses

Users must abide by the terms of all software licenses.

 

For more information, check out

• Penn's Computer Security Policy
• Penn's Acceptable Use Policy
• Penn's Computing Best Practices

 

Need help finding your LSP? Check out the SOM LSP Directory.

---

Questions or concerns? Email medsecurity@mail.med.upenn.edu

 

© The Trustees of the University of Pennsylvania || Site best viewed in supported browser. || Site Design: PMACS Web Team