Your attention required: mandatory security training course

December 2, 2025

dean banner

Dear Colleagues,

Last month, we received a communication from the University about a mandatory security training course: Information Security at Penn: A Practical Guide.  This is part of the University’s ongoing efforts to strengthen our community’s ability to protect institutional systems and information -- and you.

Please complete the three short training modules, approximately five minutes each, asynchronously in Workday Learning, by December 31, 2025To safeguard our entire community, failure to complete the training may result in loss of access to University systems.

In addition, we underscore the importance of the following reminders and guidelines:

  • Phishing emails are still a common method for attacking systems. Do not click on suspicious links or open unexpected attachments, and immediately report messages as Phishing to protect PSOM systems. Verify the sender before responding to emails requesting sensitive information (and consider using Secure Share or PennBox for confidential information).
  • Social engineering uses phone calls, text messages, or other techniques to deceive recipients of these messages. Attackers may impersonate colleagues or IT staff to trick you into revealing credentials or sensitive data. Always verify requests through official and separate channels before sharing information.
  • Utilize strong passwords (preferably 15 or more characters) and Multi-Factor Authentication (MFA), such as Duo, to ensure security. Do not approve MFA requests you did not initiate. MFA adds an extra layer of protection beyond a password, making it harder for attackers to gain access.
  • Only use software programs that have been reviewed or approved by information services. Free applications and downloads can appear as legitimate software while hiding malicious programs. Unsafe applications can result in system compromises, instability, and data breaches, severely impacting the organization.
  • Software updates are critically important. Regularly install updates and patches for operating systems, applications, and antivirus software to protect against vulnerabilities.

For more information or to share questions or concerns, please contact: security@isc.upenn.edu and/or medhelp@pennmedicine.upenn.edu.

To report suspicious activity, please contact: issecurityoperationsteam@pennmedicine.upenn.edu.

Thank you for your attention to this critically important matter. 

====

Jon Epstein, MD

Dean, Perelman School of Medicine