IAM ad20 images

Someone in your office plays with your computer.

You're in your office - an open space work environment - and you decide to log into the Employee Self-Service Information Center (ESSIC) in order to review your benefits and payroll information. The phone rings, you get called into an emergency meeting, and you leave your desk area. You're still logged into ESSIC. One of your co-workers, who's nice but a little too curious, decides to see what you've been up to online, and winds up checking out your benefits...and accidentally dropping your spouse from your benefits. You've also left your password on a sticky note attached to your computer. Is this situation a violation of Penn State policy?

Someone on the computer tries to steal your identity.

Your job at the University requires you to have access to student records. You've been working on some reports involving those records for the last two hours, and decide that you need a break. It's a nice day outside, so you decide to go for a quick, ten minute walk. When you return, you realize that you left your computer unlocked with the data still active. Does this violate the Family Educational Rights and Privacy Act (FERPA)?

You receive an e-mail message that looks like it was sent by technology support staff at Penn State, from the address helpdesk@psu.edu. The message is relatively well-written, looks legitimate, and comes from a legitimate Penn State e-mail address. The message asks that you confirm your account by sending back your userid and password. What should you do?

Evil doers access a computer with a password from a sticky note.

You have your password in an area of easy access (such as a sticky note attached to your monitor) and someone accesses your benefits in ESSIC...

Evil doers access personal data that was only minimized when you went to lunch.

A staff member leaves their computer unlocked with employee /financial data active but minimized while they are away at lunch and someone accesses the data...