Stuart Weitzman School of Design
102 Meyerson Hall
210 South 34th Street
Philadelphia, PA 19104
Weitzman IT Services has compiled the following guidance to help students, faculty, and staff keep their computers, accounts, and data secure.
These recommendations are especially useful for personally owned computers used for Penn or Weitzman work.
Keep your computer, applications, and mobile devices updated. Security updates fix vulnerabilities that attackers may use to access your device, steal information, or install malicious software.
Enable automatic updates where possible. At minimum, regularly update:
Web browsers, including Chrome, Edge, Firefox, and Safari
Microsoft Office applications
Adobe applications
Duo Mobile
Antivirus/security software
Vendor update tools, such as Dell Command Update or Lenovo System Update
For Windows devices, use Windows Update and your manufacturer’s update tool when available.
For Macs, use macOS Software Update and keep App Store applications current.
Sophos Home is the University's supported antivirus product for Windows and Mac OS operating systems. The software is licensed through Penn and is available free of charge to all members of the Penn community. Read more on getting Sophos downloaded and installed here: Sophos Home.
For better security, consider using a standard user account for daily work and reserving administrator access for software installation and system changes.
Using a standard account for day-to-day computing can help reduce the impact of malware or unwanted software if your computer is compromised. You may still need administrator access to install software, change system settings, or perform maintenance, but administrator privileges should only be used when needed.
Learn more:
The University and the Weitzman School offer two VPN options for accessing both University and Weitzman School resources when working remotely. Read more about getting access to and setting up both VPN clients on our Remote Access page.
Use strong, unique passwords for every account, and never reuse your PennKey password elsewhere.
Encryption helps protect your data if your computer is lost, stolen, or tampered with. If you lose your recovery key and become locked out of your encrypted device, your data may not be recoverable, so it is important to store the recovery key securely.
For personally owned devices, do not store your BitLocker or FileVault recovery key only on the encrypted computer. Store the recovery key somewhere secure that you can access if the device is lost, damaged, or locked.
For personal Windows devices, use a personal Microsoft account, a secure password manager note, or another secure offline location. Do not use your PennO365 account to store recovery keys for a personal device.
For personal Macs, you may store the FileVault recovery key in your personal iCloud account or another secure location.
Penn uses Duo Two-Step Verification to help protect PennKey accounts. Duo adds another layer of security if your PennKey password is compromised.
Learn more: PennKey Two-Step Verification
Be cautious with unexpected emails, texts, phone calls, QR codes, shared documents, and login prompts. Attackers may impersonate Penn offices, IT staff, vendors, banks, or other trusted contacts.
Never share passwords, Duo codes, verification codes, payment information, or other sensitive data in response to an unexpected request.
Watch for suspicious links, unfamiliar login pages, urgent requests, unexpected Duo prompts, and unsolicited attachments.
When in doubt, verify the request through a trusted contact method or ask Weitzman IT for guidance.
Use AI tools carefully when working with Penn-related information. Do not enter sensitive Penn data, student records, personal information, unpublished research, confidential business information, financial information, health information, Social Security numbers, or other protected data into public AI tools.
