One Step Ahead: Resolve to Protect High-Risk Data

January 18, 2022
vol 68 issue 19
Bulletins
print

One Step Ahead Security and Privacy Made Simple logo

Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

The start of the New Year is a great time to do some “data housekeeping”—ensuring you know what data you are handling, and how to protect that data.

Based on the sensitivity of the data, government regulations, and University policies, Penn categorizes data into three risk classification groups: high, moderate, and low.

Data is classified as high-risk if the loss of confidentiality, integrity, or availability of the data or system could have a significant adverse impact on any individual, or on the University’s mission, safety, finances, or reputation. High-risk data includes, but is not limited to:

PennKey password and other system credentials
Personal health information (PHI)
Social Security numbers
Credit card and financial account numbers
Some student and personnel records
The export of controlled data

Protection of high-risk data is required by laws or regulations, and Penn is required to report to the government, or provide notice to the individual, if such data is inappropriately accessed.

By understanding the risks associated with the Penn data you use, you can help keep that data, the University, and its people more secure.

In the new year, resolve to protect your accounts and all Penn data:

Use strong passwords, and also use Two-Step Verification where available
Stop retaining data when it is no longer needed, and store data securely if it must be kept
Avoid sending sensitive data by email, which is inherently insecure; use services such as Secure Share when necessary
Make sure you are familiar with University policies and guidelines that govern the Penn data you use and manage

Learn more about how to protect high-risk data:

Penn Data Risk Classification: https://www.isc.upenn.edu/security/data-classification
Protecting Penn Data: https://oacp.upenn.edu/privacy/penndata/
Information Security Tips for Staff: https://www.isc.upenn.edu/security/staff
Two-Step Verification: https://www.isc.upenn.edu/how-to/two-step-faq

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead.