Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn


Sunday, March 18, 2018

  New Resources
Security Logging Service
Travel Tips for Data Security
Free Security/Privacy Training Resources
Two-step verification
Combating Malware
Phishing Archive
Cloud Computing and Data Outsourcing
Best Practices for Applications with Confidential University Data
  Security "Greatest Hits"
Managing Passwords
E-mail Harassment & Forgery
Hoaxes, frauds & scams
Wireless Networking
  Best Practices
Secure desktop computing
Secure servers
Secure data deletion
Securing printers
Tips for safe computing
Computing policies
  More in-depth information for
Local support providers
System administrators
  Security initiatives
Critical Component compliance
Authentication & authorization
Penn Security & Privacy Assessment (SPIA)
Security Liaisons (Restricted Access)
Secure Share
Secure Space
Vulnerability Scanner
  Related links
Electronic privacy
Worms, trojans, backdoors

One Step Ahead: Almanac Security Tips

In each issue, Penn's Journal of Record, The Almanac publishes helpful tips and hints for dealing with information security and privacy matters. This page is a collection of all those published thus far.
New! You can now receive new One-Step-Ahead Security and Privacy Tips automatically!
You can subscribe via Email or RSS.

Table of Contents

Tuesday, April 15, 2008 - Almanac Vol. 54, No. 29

SSN Policy Reminder–Comply, or Have Compliance Plan, by May 1, 2008

As you may recall, Penn’s Social Security Number Policy was announced in the Almanac last fall. See

The policy establishes expectations around the use of Social Security numbers—sensitive data whose misuse poses privacy risks to individuals, and compliance and reputational risks to the University. The policy calls on staff, faculty, contractors, and their respective agents to inventory their online and offline Social Security numbers and reduce the above risks by, in priority order: (1) eliminating this data altogether, (2) converting it to PennID, (3) truncating the data to capture and display only the last four digits, (4) when the complete SSN is clearly necessary, ensuring strict security controls to protect the full data.

In specified circumstances the policy requires that complete SSNs be encrypted at rest (that is, while the data is residing on a hard drive or storage device) and/or in transmission (while the data is in transit from one database to another). Note that the encryption “at rest” requirements in the policy apply within 3 months of such technology and service being recommended and supported at Penn. This recommendation is expected in the near future.

Compliance with the SSN policy is to be achieved or, in the alternative, a plan to achieve compliance within a reasonable timeframe is to be developed, no later than May 1, 2008, as stated in the policy.

(Note that compliance plans need not be submitted; they should be stored/filed securely, however, since they may contain sensitive information.) Since this deadline is fast approaching:

  • Are you inventorying your online and offline SSNs?
  • For identified SSN data, are you eliminating, converting, truncating or securing the SSNs, in keeping with the policy?
  • If these steps will not be completed prior to the May 1, 2008 deadline, are you developing a plan (that will be written by May 1) to achieve compliance within a reasonable timeframe?

Users of personal computing devices may contact their Local Security Liaison for assistance in complying with the SSN policy or developing a compliance plan. Contact for further information.

Security and Privacy Tips for the Summer Break
Protect your Home Computers by Turning On Automatic Updates
Personal vs University Accounts
Reuniting with your Missing Mobile Device
LastPass Premium:  Penn-Provided Software to Help Manage Your Passwords Securely
Filing Taxes Online This Year? Take Steps to Protect Your Information!
February is Data Privacy Month
Mobile Devices and Public Wi-Fi - Stick to Window Shopping
TMI: The Risks of Sharing Too Much Information on Social Media
Make Sure Your Email Gets Into Their Inbox
Avoiding Phishing Attacks
Be Wary of Fake Tech Support Telephone Call Scams!
Tips for Handling Electronic Access in Employee Termination
National Cyber Security Awareness Month - Free Secure Disposal of Paper
Begin the "Year of Discovery" By Knowing the Rules for Protecting Student Record Informati
Welcome Back! Here's a Map to Good Information Security
Email Risks: Well Beyond the Encryption Problem
Global Traveler? Enroll in Two-Factor Before You Go
How Are You Celebrating Data Privacy Month?
2014 Security & Privacy Tips "Year in Review"
Traveling Securely
Tips for Handling Electronic Access in Employee Termination
Welcome Back! Time for Your Information Security “Check Up”
What’s Your Password Strategy?
Working Off Campus? Some Tips to Consider
Heartbleed OpenSSL Vulnerability
Security and Privacy Tips for World Travelers
Filing Taxes Online This Year? Take Steps to Protect Your Information!
If your computer runs Windows XP, you must update it now!
Why Should You Report Security Incidents? And How Do You Report One?
Photo and Video Privacy Issues
The Password is Dead, Long Live the Password!
Data Privacy Month: NSA Surveillance Panel at the National Constitution Center
Protecting Your Finances During This Year’s Holiday Shopping Season
Beware of Phishing E-mails in the Wake of Typhoon Haiyan
No E-mail from Penn Will Ask For Your Username/Password or SSN
The Children's Online Privacy Protection Act: Does It Apply to Your Website?
October: National Cyber Security Awareness Month; Free Secure Disposal of Paper and Electronics
What Basic Rules Protect Student Information at Penn? (September 2013)
Protecting Privacy and Security on Penn + Box
Security Starts With You
New Regulatory Changes: Do They Apply to Your Area?
Protecting Yourself from Rogue AntiVirus Warning Scams
Security and Privacy Tips for World Travelers
Handling Documents and Data of Faculty and Staff Who Have Left Penn
Spring Cleaning Your Office? Know What to Do with E-Waste
Keep Your Identity Safe When Filing Taxes This Year
Why use Penn+Box when Storing Data in the Cloud
Mobile Device Security - 3 Recommendations for Cloud Users (Hint: That's You!)
Be Aware of QR Code Risks
It’s Data Privacy Month: Update Your Facebook Privacy Settings and More
How Are You Celebrating Data Privacy Month?
Stay Secure while Working on Public Wi-Fi Networks
Protecting Your Finances During This Year's Holiday Shopping Season
Cloud and You
Security and Privacy Online Training & Tools
October: Free Secure Disposal of Paper and Electronics at Employee Resource Fair; NCSAM
Student Privacy - What Do I Need To Know? A FERPA Reminder
Top 10 Tips for Securing Your Smartphone or Tablet
Working Off Campus? Some Tips to Consider
Not all wireless is created equal
The Virtue of Transparency
Keeping Data Safe on Mobile Devices
Keeping Data Safe on Mobile Devices
Tax Season Tip: Be careful where - and how - you buy tax software
Travel and Identity Theft - An Unfortunate Connection
Fun, Free Online Privacy and Security Resources
The Best Way to Protect Data is Not to Have It
How Are You Celebrating Data Privacy Day?
Strategies and Services to Insure Against Data Loss
As the Semester Ends, Know the Basics about Student Records
Is it Okay to Outsource Penn Data?
Vulnerabilities of Smart Phones
Protecting Information on Your Smartphone
Spread the Word: Collect Personal Documents and Computer Hard Drives for Free Shredding
Free Online Computer Security Training for Penn Faculty and Staff
Top 10's on Security and Privacy
Working From Off Campus
Perfecting PennKey Passwords
Increase in Spear Phishing Attacks Expected: Know the Do's and Don'ts
How are YOU remembering your passwords?
These Readers Are Not Fortune Tellers, They Are Fortune Stealers
Website Privacy Statements—More Important Than Ever
Know What to do if a Computer Security Incident Happens to You
Facebook Privacy Tips: Customize Button, Friends Lists
Tips to Help Defend Against Phishing
E-Mail Tips
Longer, More Complex Passwords = Stronger Passwords: Do the Math!
Shipping Data Safely
Beware of Malicious Invitations
Spread the Word: Collect Personal Documents and Computer Hard Drives for Free Shredding
Protecting Home Computers
Fake Anti-Virus Alerts a Common Web Threat
Warning: Your Printer & Copier May Store Your Confidential Data
ID Theft: A Growth Industry
Make Sure Your PennKey Password Meets Current Rules
Penn's Privacy and Security Awareness E-Learning Module: Helping You Protect Yourself & Penn
Smart Steps when Accessing Your W-2 Online
Spyware: Who's "watching" you - and why?
Secure Remote Solutions
An Ounce of Prevention is Worth A Lot
Search Engines: Raising the Stakes
You Can't Lose Data That You Don't Have
Password Cracking: The Pot of Gold at the End of the Rainbow
PennKey Opens Many Doors: Keep it Safe
Software Piracy
Collect Personal Documents and Computer Hard Drives for Free Shredding at the Employee Resource Fair
Don’t Use Excessive Privileges on Your Computer
Do You Google? Know How to Protect Your Privacy
Online Statements and Bill Payments: Safer Than Paper?
Updated Purchase Order Terms and Conditions Regarding Information Privacy & Security
Sanitize Word, Excel, and PowerPoint Docs Before Publishing
Exchange Sensitive Data Securely Using Secure Share
Facebook Sharing Can Be Broader than You Think: A Birthday Example
Managing Facebook's Privacy Settings for Safe Use
Be Careful with Facebook Apps
ID Theft: Are You Worrying About the Right Things?
What's the Half-life of an SSN?
Smart Steps When Accessing Your W-2 Online
IRS Warning: Tax Season Scams
Instant Messaging and Penn"s Jabber Service
E-mail Headers: Getting the Full Story
Reminder: Stay Vigilant About Identity Theft!
Credit Card Theft: "Skimming"
Avoid Phishing E-mails: Here's How
Beware of Phishing Scams Tied to Changes in the Financial Marketplace
Holiday Shopping, Credit Cards and Credit Reports: "Free" Isn't Always Free
Hackers and Identity Thieves Cash in On Current Events
A Reminder About Free Wireless Networks
Beyond Passwords: Strong Authentication
New Online Training: Information Privacy and Security at Penn
Filesharing Lawsuits: Not Just for Students Anymore
New List of Privacy and Security Resources
Several Types of Risks in Email
Don't Save Passwords In Browsers
Conducting an Online Survey? Be Sure You Know Who Can Access the Results
Computrace Best Practices
No E-mail from Penn Will Ask For Your Username/Password
Information Security and Privacy at Penn--2008 Year in Review
Legal Requests for Penns Electronic Records
Checking Out Hoaxes, Frauds and Spam for Yourself
Removing Your Name from Solicitation Mailing Lists
New Policy: Managing and Protecting PDA
Secure Deletion of Sensitive Information
SSN Policy Reminder–Comply, or Have Compliance Plan, by May 1, 2008
IRS Warning: Tax Season Scams
Converting SSN to PennID
Risks of End User Software Development
Strategies to Reduce Your Risk of Identity Theft
A Privacy-Sensitive Environment: A Little Awareness Goes a Long Way
Quality Assure: Who is Getting Your E-Mail
Cyberbullying–A Growing Threat to Your Children
Know What To Do if A Computer Security Incident Happens to You
Backing Up Data Regularly
Be Careful About “Free” Wireless Networks
Disappoint Dumpster Divers and Hackers -- Shred or Delete Unneeded Sensitive Data
Electronic Group Mailing Lists: Consider the Privacy Risks
Asking Your Web Browser to “Remember” You: A Dangerous Idea
Facebook, MySpace and YouTube Raise New Computer Security Risks
Is it Safe to Visit This Website?
The Right Thing to Do When You Think Something is Wrong
Password, Passwords Everywhere
Personalized Email Scams
Older Computers at Higher Risk for Security Breaches
Handling Documents and Data of Faculty and Staff Who Have Left Penn
“Phishing” and “Domain Tasting”
Working at Home and Other Remote Locations: Recognize the Data Privacy and Security Risks
Computer Worm’s Many Disguises
Website Privacy Statements
Your Life Online
Peer-to-Peer File-Sharing Software and Identity Theft
Legal Requirements for Penn Data
Bogus Warnings About Viruses and Spyware
Spoofed PennKey Sites Can Steal Your Password
SSN Cleanup Tools: Use Them and Protect the Penn Community
Cleaning Up Home Computers
Run A Security/Privacy Check On New and Ugraded Systems and Applications
When Is a PC File Truly Deleted?
Resetting Your PennKey Password
Securing Your Home Wireless Network
Want More Control Over Info? Look For Opportunities
Secure Web Browsing: Three Important Signs
Securing Data On Your Handheld Computer
Unprotected Computers Can Be "Stashes" For Illegal Material
New Back-IT-Up Service For Secure Backups
Wipe Cell Phones and Other Wireless Devices Securely Before Disposal
Student Records: Knowing the Basics
Phishing: eBay and Pay Pal
What Keeps You Up At Night?
Worried About Identity Theft? Ways To Monitor Your Credit Report
Security Patches/Updates: Usually Automatic, But Restart Weekly To Be Sure
Working From Home and the Data You Work With
Beware of Social Engineers
About Keystroke Loggers
Who Has Access To Systems?...Think About It!
Carelessness With Consequences
Find Out If Google Got Your Data - Before the Bad Guys Do
Keep Your Private Data from Showing Up On Google
The Panoptic Web
The Best Way to Protect Data Is Not to Have It
Security and Working At Home
Create Strong, Uncrackable Passwords to Foil Hackers
Your PennKey and All the Reasons to Keep It Private
Managing Passwords
Welcome back to One Step Ahead
Don’t Keep Email Around Too Long
Google Desktop: A Security and Privacy Risk
Laptop Theft
Do Not Download Sensitive Data Unless You Absolutely Have To
Spam Filtering
To Stay Secure, Keep Your Software Current
Don’t Save Passwords in Your Web Browser
Make Your Home Wireless Network Secure
Privacy of Student Records
Links Can Be Deceiving
Does Your E-mail Sometimes Smell "Phishy"?
Your Life Online
Remove Data Before Discarding Old Computers
How Secure Is Instant Messaging?
Privacy of Social Security Numbers
How Hackers Use Password Dictionaries
Beware of Dangerous Free Software
Has Your Document Sprung A Leak?

Information Systems and Computing
University of Pennsylvania
Comments & Questions

Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania