Nick Falcone from Information Systems & Computing discusses resources the Penn community can use to secure data and privacy.
As part of a series on wellness resources for the Penn community, Penn Today speaks with Nick Falcone from Information Systems & Computing to better understand how they partner with campus information technology teams and others to secure and maintain the community’s cyber presence.
(Image: iStock / Tero Vesalainen)
Wellness and well-being are woven into the life of Penn’s campus for students, faculty, postdocs, and staff. In the fourth part of a series highlighting University resources aimed at supporting the campus community, Penn Today speaks with staff from the Information Systems & Computing (ISC) Division about how they partner with campus information technology teams to secure and maintain the vital systems keeping the Penn ecosystem safely connected. They also offer resources to assist the Penn community in protecting data and privacy.
With cybersecurity threats continually evolving, information security remains a top priority, according to Nick Falcone, executive director of information security at ISC and Penn’s Chief Information Security Officer.
One of the greatest threats is phishing, Falcone says. “Phishing attempts are an ongoing challenge, with attackers frequently targeting individuals via emails designed to steal credentials,” he says, emphasizing the importance of understanding how modern phishing attacks operate.
Phishing emails can come in various forms, from shipping notifications to IT department requests. “One thing we’ve seen recently is phishing attempts posing as urgent HR communications or financial documents,” Falcone says. “In those cases, people need to slow down and think carefully before clicking.”
Penn’s security team encourages users to report any suspicious activity, even if it’s a false alarm. “We want to get nine false positive reports for every one real one.
“Even if everything looks legitimate, it’s worth the extra step to confirm,” he says. Whether it is an email asking to authenticate or change a Penn Key or a third-party vendor communicating a change in bank information, it is always best to confirm through a trusted contact before sharing any sensitive information.
Payroll redirects, Falcone says, are another scam to look out for. They typically involve hackers redirecting employee paychecks to fraudulent accounts. “If you see anything odd with your paycheck or receive a notification from Workday that you didn’t expect, contact us right away.” The division also advises staff to regularly review their paycheck information and report unusual activity.
Two-step verification using Duo at Penn adds an extra layer of protection by requiring you to approve logins through an app or phone.
The University offers Dashlane to provide the community with safe, secure password management and offers guidance on protecting users’ PennKey.
ISC has also developed Workday Security Resources, which include detailed instructions on how to check your payroll information for signs of tampering.
Partnership with DPS
ISC partners with the Department of Public Safety (DPS) and local law enforcement to act fast when these incidents occur. One notable area of collaboration is in responding to sextortion attempts.
“These are becoming more common,” Falcone says. “People are often tricked into believing that compromising material about them exists, and scammers use that fear to extort money.” In these cases, ISC and DPS work to quickly assess the situation, helping victims understand that these threats are typically baseless.
Recently, DPS issued a warning for users to be aware of the signs of these types of email scams. The first line may contain personal information, such as a student’s parents’ names and address or other personal information which is publicly available in an attempt to apply pressure on the recipient to respond.
DPS recommends ignoring this type of message and alerting ISC immediately. You can also contact specialservices@publicsafety.upenn.edu should you have any questions or concerns. Additional support and resources:
Beyond financial scams and phishing attacks, ISC works with DPS to monitor threats to the campus’ overall digital security. “Whether it’s sextortion, ransomware, or fraud, it’s our job to make sure the community is protected,” Falcone says. “We’re always here to help.”
Understanding order to disorder at the atomic scale opens possibilities for next-generation electronic devices
A Penn team has developed insight into the chemical and geometric mechanisms underlying the synthesis of new 2D materials, paving the way for next-gen devices, biomedical applications, and cleaner, quicker energy conversion and storage.
Penn buildings achieve LEED certifications, showcasing commitment to sustainability
Three recent building projects at the University of Pennsylvania have earned LEED Platinum, Gold, and Silver certifications, underscoring Penn’s ongoing commitment to sustainable design and construction.
OpenAI, DeepSeek, and Google vary widely in identifying hate speech
Neil Fasching and Yphtach Lelkes of the Annenberg School for Communication have found dramatic differences in how large language models classify hate speech, with especially large variations for language about certain demographic groups, raising concerns about bias and disproportionate harm.
