Penn’s Vice President of Information Technology and University CIO, Thomas Murphy, has approved four new information security policy requirements. The new requirements, which will take effect in June 2022 and June 2023, mandate protections on Penn systems. Specifically, the new policy statements will require 2-step authentication in order to use the PennO365 email system, end-point protection software to be run on all Penn-owned machines, and stronger authentication in order to gain access to PennNet remotely.

University Chief Information Security Officer Nick Falcone cites the increasing frequency of phishing and ransomware attacks that have the potential to interfere with Penn’s operations and mission as the driving force behind these new requirements. The Penn Office of Information Security is available to consult on implementation concerns as well as answer any questions about the new requirements.

Penn’s IT Security Policy can be found at: https://www.isc.upenn.edu/ITPC/security-policy. Questions regarding these new requirements may be directed to: security@isc.upenn.edu.