Top 10 Information Security Tips for Penn Students
Developed by the Office of Information Security
- Know where to get help - Get to know your ITA's and the Support Desk. For more information see: www.upenn.edu/computing/view/support/student.html
- Always log out of applications and lock or log off of your computer before walking away.
- Practice "good hygiene"
- Keep your operating system and applications up to date with patches (enable "auto-updating" whenever possible). Students with Windows machines should use Penn's free service: www.upenn.edu/computing/waus/.
- Turn on your system's firewall.
- Install anti-virus software and keep it and its virus definitions up to date. Penn makes this very easy to do by providing licenses for Symantec Anti-Virus (SAV) for your personal computers (PCs and Macs) at no cost. See Security Application section: www.upenn.edu/computing/product/.
- Use strong, unique passwords (for your computers, and for systems like PennKey and Facebook) and don't ever share them with anyone.
- Be careful when using peer-to-peer programs. They have legitimate uses, but you can't be entirely sure who or what is providing the content at the other end.
- Never download or share copyrighted material, such as music, movies, games, software, etc.
- Scan downloaded files with your anti-virus software before opening or installing them.
- Get in the habit of reviewing the sharing settings of not only the directory you specified for file-swapping, but your entire directory structure, to make sure that nothing has been changed without your knowledge.
- Be on the lookout for the sudden appearance of files that you don't remember downloading. "Mystery" files may be a signal that someone is using your system in ways beyond what you intended.
- Be wary of free applications. If they're not listed at downloads.cnet.com, they may be dangerous.
- Not all wireless connections are equal. Know your wireless networks and use encrypted services whenever in doubt (e.g., HTTPS over HTTP when web-browsing).
- AirPennNet provides secure authentication and encrypted traffic.
- AirPennNet-Guest provides secure authentication, but does not encrypt your traffic. Unencrypted traffic means that a malicious user could potentially sniff your email and web data as it is delivered to your computer (depending on your applications settings).
- Public wireless hot spots, such as offered at web cafes and coffee shops, may have an even larger untrusted community and pose even more risks.
- Be careful what you share on Social Media (like Facebook, Twitter, etc.) - they represent a powerful and exciting new set of technological tools and resources. However, these services also present new risks. Be aware that anything you share can be preserved online indefinitely, and be rapidly shared beyond your original intentions.
- Be suspicious of links or attachments delivered via email that you didn't ask for. Check with the sender before opening them or use other methods to ensure they are benign, like searching for the same content yourself independently online or scanning attachments with your anti-virus software.
- Check your financial statements every month to make sure there is no unusual activity.
For more information and resources please see the Information Security website at www.upenn.edu/computing/security/, or call 215-898-2172.
Last updated: Friday, August 12, 2011