“This is 2017. Using a password alone is like expecting a screen door to protect your house — honest people won’t break your screen door, but people looking to do bad things will.” – Dave Comroe, Sr. IT Director, Client Technology Services
Ten years ago, we wouldn’t have expected 30+ students to show up to a lunch & learn about security awareness, ask enthusiastic questions, and stay afterwards to engage with our security panel experts. But in our increasingly connected digital world where passwords aren’t enough and corporate security fails can end long-standing careers, students want to know more about secure computing practices. On October 24th, Wharton Computing and Penn ISC-Information Security partnered to present a Lunch& Learn titled, “IT Security Awareness” as part of our 2017 University Around You campaign. Our colleagues showcased their wisdom and experience in a moderated panel format that tackled topics such as password management strategy, two-factor authentication, protecting sensitive accounts, virus protection/ad-blockers, phishing, and more.
Top 5 Security Lessons
We’ve compiled the top 5 security lessons for Wharton and Penn students from the event:
- Use Two-step Verification: Two-Step Verification provides an added layer of protection when accessing PennKey-protected websites and applications. With Two-Step, after logging in with your PennKey and password you’ll be prompted to verify your identity—the second step—using a mobile phone or key fob.
- Follow Best Practices for Password Management:
- Use a password manager like LastPass (free for Penn students) to help you manage your passwords.
- Use different passwords for different services. Keeping a diverse set of passwords stops the security leak if you lose your device or someone steals your password from one site.
- Use a long complex password; choose a goal, something motivational, or a long string of song lyrics – something fun and personal to you to use as your password.
- Install and Use an Anti-virus: Penn provides Symantec Endpoint Manager free to faculty, staff, students and we recommend using it with Macs; Windows 8 and Windows 10 come with Defender already installed.
- Avoid Phishing: Don’t follow links blindly. If you get a suspicious email from something like your bank account, go directly to the company’s wesbite to check for updates. If you can’t find any information related to the email directly on the website, then call the company and inquire about the email before you click on anything. Report any suspicious emails to Student Computing.
- Secure Your Desktop: Whether you’re running a “classic” desktop tower, a laptop, Windows, Mac OS X, or Linux, there are a number of basic security concepts that you should adopt to protect your data, along with your access to online resources at Penn and elsewhere. These fundamentals apply regardless of your particular hardware or operating system.
More Information and Upcoming Security Initiatives
This event was so well-received that we plan to re-run another IT Security Awareness panel in Spring 2018, host a security focused “pop-up tech table” in January to help student secure new devices, and increase security awareness measures and documentation in our Tech Center. For more information about security, check out Wharton Computing’s Security Resources and Penn ISC-Information Security’s Training and Awareness page.
About Strategic Partnerships Student Team:
The University Around You series is brought to you by the Wharton Computing Strategic Partnerships Student Team. Our goal is to provide a clear communication channel between Wharton Computing and students. We focus on building partnerships by engaging with students year-round through surveys, focus groups, and ad hoc outreach. We analyze findings and then work with relevant service teams and individuals to ensure continual process improvement. Alex Milne leads the Student Strategic Partnership team. He is a Wharton Computing veteran with a long list of accomplishments here and at his previous role at Harvard University. Erin Murphy is a long-time contributor to Wharton Computing, providing exhaustive research, analysis, and development work.