Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

Just as many people put off a project or an activity until January 1st when making a New Year’s resolution, some users tend to wait for a new academic year to implement new security actions.

The Office of Information Security strongly encourages you to take these three vital actions now as you gear up for the new academic year:

• Enroll in Two-Step Verification. Penn faculty and staff are required to enroll in Two-Step Verification as an added layer of protection when accessing PennKey-protected websites and applications. Visit https://twostep.apps.upenn.edu to enroll.
• Be savvy about social engineering to protect both your and Penn’s sensitive information from an exploit. Phishing emails continue to be the most used technique to manipulate users into sharing confidential information. Learn about various social engineering techniques by reading the September 2017 Almanac article “Social Engineering–What’s the hype?” at https://almanac.upenn.edu/articles/one-step-ahead-social-engineering
• Know how to classify and protect Penn’s data. Penn classifies its data into three risk categories, High, Moderate, and Low, based on the level of data sensitivity, government regulations, and University policies. To protect Penn’s data:
• Enroll in Two-Step Verification.
• Use strong passwords for your PennKey and email client.
• Store data in a secure location. Contact your IT support provider for information on where to store sensitive data at your school.
• Use Secure Share to exchange sensitive data securely.
• Adhere to University Computing Policies and Guidelines.

For more information on these three tips,  see https://www.isc.upenn.edu/security/data-classification