Online Safety and Security
Staying safe online and protecting personal and University information is an important part of being a Penn State student, faculty, or staff member. While the University has security measures in place to keep information safe, you can further protect your online privacy and data by using best practices and following some basic guidelines.
Practice password safety
As a Penn State community member, it’s important to create strong passwords—or even better, passphrases—for your Penn State Access Account and all your other online accounts.
Create strong passwords
Using strong passwords is one of the most important ways to keep personal and Penn State information secure. While it might seem daunting to create a password without using easy-to-remember information, relying on a series of words and using memory techniques can help you remember even the most complex passwords.
The following guidelines can help you create strong passwords:
- Choose a phrase that’s unique and familiar just to you.
- Make new passwords different from your other passwords.
- Don’t use words found in the dictionary or personal information like dates, names, and addresses.
- Combine the first part of each word in a phrase, mixing at least 15 numbers, characters, and letters.
- For example, “I love to play badminton” could become “ILuv2PlayB@dm1nt()n.”
Keep passwords safe
Creating and using strong passwords does little to protect personal information if those passwords are not kept confidential. It might seem harmless to share passwords with those you trust (like parents and significant others), but the more people who know this information, the higher the chances of passwords falling into the wrong hands. Rather than writing down passwords to remember them, you can use a password manager to generate, store, and retrieve your passwords.
Set security questions
Don’t get locked out of your Penn State Access Account. Taking a few minutes to set your security questions will help you easily reset your password online in case you forget or lose it. If you don’t establish security questions, you’ll need to visit the Accounts Office at University Park or a campus signature station to reset your password.
Enroll in two-factor authentication (2FA)
Two-factor authentication (2FA) is one of the best ways to protect against stolen passwords, phishing scams, and other attempts to take over your online accounts and steal your data.
What are the benefits of using 2FA?
While passwords and user IDs provide one layer of protection against those looking to steal data, a security measure called 2FA can offer an additional layer of security. Because 2FA uses two methods of authentication to verify your identity, it offers more than one layer of protection against the sophisticated tactics of cyber criminals and, therefore, makes Penn State information and your online identity less vulnerable to theft.
How it works
After you enroll in 2FA, when you log in to WebAccess—Penn State’s online authentication system that protects WebMail, ANGEL, Canvas, the Employee Self-Service Information Center (ESSIC), and more—you will enter your Penn State user ID (i.e., xyz5000) and password (something you know) as usual, and then use your smartphone or another device (something you have) to verify your identity.
Enroll in 2FA
At Penn State, faculty and staff are required to enroll in and use 2FA to log in to WebAccess. However, as a student, you can choose to enroll in 2FA using your smartphone, mobile phone, landline phone, or tablet.
Many companies now offer 2FA, so it’s a good idea to also use the service for personal email, banking, shopping, and other non-Penn State online accounts.
Keep software up to date
It can be easy to overlook software update notifications when they pop up on screen—especially when your computer seems to be working fine—but it’s very important that you don’t ignore or forget to approve updates.
What are software updates?
As developers make improvements to operating systems and software products, they send these upgrades to computers in the form of quick one-time installations. Sometimes these updates are user interface or design enhancements, but often they are important bug fixes or security patches to address potential vulnerabilities, malware, and more.
Stay current and use automatic updates
Many threats work by exploiting known vulnerabilities for which security patches are available, so computers that don’t have all current updates applied are left susceptible to these types of threats. To help guard your computer and data, be sure to accept patches and updates from trusted sources as they become available. Though it’s possible (and sometimes necessary) to manually check for updates and patches, signing up for automatic updates and notifications is an easy way to stay up to date.
Download software from trusted sources
To help keep software up to date, Penn State offers free software downloads for students, faculty, and staff for a variety of trusted security, antivirus, backup, and productivity products. However, if you’re not sure whether a software product or security patch is from a trusted source, check with your local IT service desk or call (814) 865-4357.
Avoid malware and phishing scams
It’s important to understand how malware and phishing scams work in order to best protect your devices against these threats.
Malware, or malicious software, is hostile, intrusive code that includes:
- trojan horses
Malware spreads rapidly and by many different channels—for example, via email attachments, infected document files, websites that contain hostile code, and unprotected fileshares.
Modern antivirus software helps protect against the malware, spyware, viruses, and other invasive methods data thieves use to infiltrate computers and networks. Because cyber criminals are always finding new ways to break into systems, it’s critical to keep antivirus software current on personal and University-owned computers.
When choosing antivirus software, select a product from a trusted company. Don’t click on Internet pop-up ads, which could be scams. As a student, faculty, or staff member, you can download Symantec Endpoint Protection, a comprehensive antivirus package that updates automatically, for free for personal and University-owned computers.
Be sure to use only one antivirus software per computer since multiple products could make the machine more—not less—vulnerable to attack.
The goal of a phishing scam is to steal personal data like credit card numbers, passwords, Social Security numbers, and other information. These fraudulent emails appear to come from organizations you know and trust—like your bank, credit card company, or school—and often include authentic-looking logos and links. Phishing emails will ask you to provide your bank account information, Social Security number, or other personal information. If you think you’ve received a phishing email, do not respond to it.
On occasion, phishing scams are directed at Penn State students, faculty, and staff. Fraudulent emails appearing to come from official University offices invite readers to click on a link or share private information. The best way to find out if you’ve received a fraudulent email is to submit the possible phishing message to the Office of Information Security. In the case of a compromised account or an incident involving sensitive information, email email@example.com. For cases of harassment or direct threats, contact your local police department.
Firewalls are a key way to protect your personal information from cyber criminals.
Every Internet-connected computer is vulnerable to automated attack tools seeking ways to break into and take over your system. Attackers may crash your system, spawn new attacks, or even steal passwords and credit card information.
Firewalls are virtual barriers that filter out potentially dangerous connection attempts to your device. Unit firewalls (firewalls designed to help protect multiple computers in a university department or a home or apartment complex network) and properly configured personal firewalls (firewalls you can install on your personal computer) can each provide effective security to suit various needs. For home use, personal firewalls are often free.
Back up your data
There are many ways to back up your files, and using more than one method will minimize the chance of losing valuable information.
Why back up?
In addition to protecting your computer against such security threats as malware and phishing scams, it’s also important to protect your data by making electronic copies of important files. Computer malfunctions, theft, viruses, and accidental deletion are just some of the ways you can lose academic work, photos, financial records, and other valuable information.
1. Make copies
The first thing you need to do is make copies of your files. Many computers offer a backup software program that can copy all the files and programs on your computer.
2. Choose your backup methods
After you make copies, you need to find a place to store them. Ideally, you should back up your files and data in more than one place. Here are some options:
While you can use CDs, DVDs, and flash drives for storing small amounts of files (such as photos and songs), external hard drives can hold many more files (like an entire music library) and can plug directly into your computer for faster copying. Make sure to store your devices in a safe place and consider keeping a copy at another location (in case of fire or theft).
Another option is backing up your files to a secure server over the Internet. Penn State faculty and staff members have the option of using Tivoli Storage Manager to back up their files.
Secure your mobile devices
As the technology behind smartphones and tablets advances, it’s important to stay ahead of cyber criminals by keeping mobile devices secure.
Smartphones and tablets are targets for criminals looking to steal your personal data. Because of this, it’s important to keep your mobile devices protected by always enabling home screen passwords and locks. These passwords can protect data on your devices if they are ever misplaced or stolen.
Find out more about enabling password protection on your mobile devices:
Locating or wiping a device
If your device is ever stolen or lost, there are a few steps you can take to ensure the security of your personal information. If you have location services turned on, you can locate your device or remotely wipe all information by using either Find my iPhone or Android Device Manager.
Find out more about these applications:
Additional tips for mobile security:
- Don’t store sensitive, unprotected information on your mobile devices.
- Only download apps from trusted sources.
- Keep your devices’ operating systems up to date.
- Back up your devices regularly.
- Only connect to trusted Wi-Fi networks.
- Be cautious of links in text messages from unknown or suspicious senders.
- Wipe your devices of all data before selling them.
Help Request Portal
The Help Request Portal is a one-stop resource to request help with and find answers to commonly asked questions about Access Accounts, WebMail, University Collaboration Suite (UCS), ANGEL, Canvas, and more.
IT Service Desk
You can also visit an IT Service Desk at one of their convenient locations. Consultants at the service desk can help with such topics as software installations, virus detection and prevention, wireless connectivity, and more. Find your nearest IT Service Desk or call 814-865-HELP (4357) for 24/7 assistance (except on official University holidays).
Office of Information Security
Copyright and Legal Media at Penn State
Intellectual property laws and guidelines can be complex and difficult to navigate. For information on copyright awareness at Penn State, visit Copyright and Legal Media at Penn State.
Stay Safe Online
Learn how to protect yourself and your devices with tips and resources from the National Cyber Security Alliance.