Nick Falcone from Information Systems & Computing discusses resources the Penn community can use to secure data and privacy.
As part of a series on wellness resources for the Penn community, Penn Today speaks with Nick Falcone from Information Systems & Computing to better understand how they partner with campus information technology teams and others to secure and maintain the community’s cyber presence.
(Image: iStock / Tero Vesalainen)
Wellness and well-being are woven into the life of Penn’s campus for students, faculty, postdocs, and staff. In the fourth part of a series highlighting University resources aimed at supporting the campus community, Penn Today speaks with staff from the Information Systems & Computing (ISC) Division about how they partner with campus information technology teams to secure and maintain the vital systems keeping the Penn ecosystem safely connected. They also offer resources to assist the Penn community in protecting data and privacy.
With cybersecurity threats continually evolving, information security remains a top priority, according to Nick Falcone, executive director of information security at ISC and Penn’s Chief Information Security Officer.
One of the greatest threats is phishing, Falcone says. “Phishing attempts are an ongoing challenge, with attackers frequently targeting individuals via emails designed to steal credentials,” he says, emphasizing the importance of understanding how modern phishing attacks operate.
Phishing emails can come in various forms, from shipping notifications to IT department requests. “One thing we’ve seen recently is phishing attempts posing as urgent HR communications or financial documents,” Falcone says. “In those cases, people need to slow down and think carefully before clicking.”
Penn’s security team encourages users to report any suspicious activity, even if it’s a false alarm. “We want to get nine false positive reports for every one real one.
“Even if everything looks legitimate, it’s worth the extra step to confirm,” he says. Whether it is an email asking to authenticate or change a Penn Key or a third-party vendor communicating a change in bank information, it is always best to confirm through a trusted contact before sharing any sensitive information.
Payroll redirects, Falcone says, are another scam to look out for. They typically involve hackers redirecting employee paychecks to fraudulent accounts. “If you see anything odd with your paycheck or receive a notification from Workday that you didn’t expect, contact us right away.” The division also advises staff to regularly review their paycheck information and report unusual activity.
Two-step verification using Duo at Penn adds an extra layer of protection by requiring you to approve logins through an app or phone.
The University offers Dashlane to provide the community with safe, secure password management and offers guidance on protecting users’ PennKey.
ISC has also developed Workday Security Resources, which include detailed instructions on how to check your payroll information for signs of tampering.
Partnership with DPS
ISC partners with the Department of Public Safety (DPS) and local law enforcement to act fast when these incidents occur. One notable area of collaboration is in responding to sextortion attempts.
“These are becoming more common,” Falcone says. “People are often tricked into believing that compromising material about them exists, and scammers use that fear to extort money.” In these cases, ISC and DPS work to quickly assess the situation, helping victims understand that these threats are typically baseless.
Recently, DPS issued a warning for users to be aware of the signs of these types of email scams. The first line may contain personal information, such as a student’s parents’ names and address or other personal information which is publicly available in an attempt to apply pressure on the recipient to respond.
DPS recommends ignoring this type of message and alerting ISC immediately. You can also contact specialservices@publicsafety.upenn.edu should you have any questions or concerns. Additional support and resources:
Beyond financial scams and phishing attacks, ISC works with DPS to monitor threats to the campus’ overall digital security. “Whether it’s sextortion, ransomware, or fraud, it’s our job to make sure the community is protected,” Falcone says. “We’re always here to help.”
Griffin Pitt, right, works with two other student researchers to test the conductivity, total dissolved solids, salinity, and temperature of water below a sand dam in Kenya.
Griffin Pitt’s upbringing made her passionate about water access and pollution, and Penn has given her the opportunity to explore these issues back home in North Carolina and abroad.
Helping robots work together to explore the Moon and Mars
Penn Engineers, NASA, and five other universities tested robotic systems designed to help unmanned explorers cooperate in the dunes of White Sands, New Mexico, paving the way for Moon and Mars exploration.
From framework to actions: Provost John L. Jackson Jr. talks Penn Forward
In a Q&A, Provost John L. Jackson Jr. explains the relationship between the strategic framework In Principle and Practice and Penn Forward—a new University-wide process and action plan that will advance Penn forward for the next decade and beyond.
