Skip to main content

Security & Working Remotely

This page is a list of policies and resources on security and privacy at Penn. Included below is information on computing risks and responsibilities for GSE faculty and staff.

General Info about Security and Privacy at Penn

Here are the main security and privacy links for Penn. We recommend you read these sites to learn more about computing safety and security.

Reporting Computer or Offline Security Incidents: Under Penn's Incident Response Policy, faculty, staff, and students using Penn systems are required to report any suspected or confirmed computer security incident. Please contact us to report an incident.

Confidential Data and Student Records

Please visit our Student Data & FERPA page for more information.

Remote Computing Responsibilities

Staff and Faculty who connect to Penn GSE servers or access data remotely have special responsibilities. Anyone who uses a remote system to access sensitive data or to access their office computer via Remote Desktop must certify their system (see below links). We recommend all home computers that connect to GSE servers be certified and have encrypted hard drives.

Please make sure you follow the best practices for remote computing. The links below provide more information about how to certify your computer and other tips for secure computing.

  • Don't use email to transport sensitive data.
  • Don't store sensitive data on your personal or any remote device, including USB Drives, PDAs or smartphones.
  • All Penn data should be stored on the server because it is backed-up and monitored for security.
  • Any locally stored data should use encrypted hard drives.
  • Use strong, complex passwords and password-protected screensaver.
  • Don't save passwords.
  • Logoff of password protected websites and close all open browser windows when you're done.
  • Avoid the use of free wireless access points, kiosk computers, or computer workstations in public places (e.g., Internet cafes). Never use them to login to Remote Desktop or to access systems which contain sensitive data.
  • Consider changing your passwords if you have used a public computer or one which you do not know is secure.
  • Your PDA or smartphone must have a strong password and be able to be remotely wiped if you are using it to access Penn data.


Penn Computing Policies

Revealing passwords or otherwise permitting the use by others (by intent or negligence) of personal accounts for computer and network access is prohibited.

Requirements for strong Windows passwords, automatic patching and updates for Windows, and antivirus program.