Research Data Management: Security

Top tips for securing your research data include:

• Install anti-virus software on any devices that may contain research data
• Regularly apply software updates
• Use a strong password
• Encrypt sensitive research data
• Transfer files among research teams securely

3b How will data security be taken care of during the research project?

Points to consider: 

• Explain how the data will be recovered in the event of an incident. 
• Explain who will have access to the data during the research project and how access to data is controlled, especially in collaborative partnerships.
• Consider what other data security measures are relevant for your research project. 

Below are some tips from UCD IT Security on how to secure devices that may contain research data.

• Update all devices, software, and plug-ins on a regular basis. Check for operating system, software, and plug-in updates often or, if possible, set up automatic updates  to minimize the likelihood of someone holding your computer or files for ransom.
• Install protective software. Sophos is available as a free download for Windows and Macintosh computers from Software Downloads in UCD Connect. When installed, the software should be set to scan your files and update your virus definitions on a regular basis.
• Control access to your machine. Don't leave your computer in an unsecured area, or unattended and logged on, especially in public places.  The physical security of your machine is just as important as its technical security.
• Use secure connections. When connected to the Internet, your data can be vulnerable while in transit. While on the UCD campus use a wired connection or eduroam for wireless connection.  Use remote connectivity and secure file transfer options when off campus.
• Protect sensitive data. Reduce the risk of identity theft by minimizing the storage of sensitive information. Securely remove sensitive data files from your hard drive, which is also recommended when recycling or repurposing your computer. Use the encryption tools to protect sensitive files you need to retain. 

Choose strong passwords is essential to good data security. 

• Secure your device with a strong password using a combination of mixed case letters, numbers, and special characters.
• Think passphrase not password.
• Remember, only use your UCD Connect password for UCD Connect. The University Password Policy dictates that University passwords must be unique to University systems. 
• The University Password Policy advises that all passwords should be changed at regular intervals, ideally at least every 12 months.
• Create a password based on a song title, affirmation, or a phrase. For example, the phrase, "This May Be One Way To Remember" could become the password TmB1w2R! or another variation.

A “strong” password is one which has the following characteristics:

• Password is unique.
• Contains at least 10 alphanumeric characters.
• Password must include at least one letter.
• Includes at least two of the following characteristics

1. Contains both uppercase and lowercase letters.
2. Contains at least one number (for example, 0-9).
3. Contains at least one symbol or special character (for example !$%^&*()_+|~-=\?<>.)

Encryption is a secure method of scrambling messages in a format that is unreadable by unauthorised users – it is, simply put, the best way to keep your information secure from thieves or accidental loss.

Device Encryption:

• Any mobile device containing confidential University or personal information must be encrypted. Device encryption helps to protect information should the device go missing or is stolen. Information on an encrypted device is only as secure as the password used to protect it, so it is vital that every device is secured with a strong unique password or PIN.

File Encryption:

• File encryption can be used whether you want to store sensitive data on a USB drive, securely email it, or just add an additional layer of security on your hard drive.

In order to protect University Information and research data, all files and documents should be encrypted in advance, using a strong password before sending them. The password for the encrypted file must be sent to the recipient using an alternative transfer method, such as in person, over the phone or by text. 

How to email files securely:

• Save the confidential information to a Microsoft Office document, such as Microsoft Word or Excel.
• Encrypt the Microsoft document by password protecting it using a strong password.
• Attach the encrypted document to the email.
• Send the password for the encrypted document separately, either in person, over the phone or by text.
• Dont forget to delete the encrypted document\attachment from your files after you have sent it.

Encrypting attachments helps protect confidential information if either the recipient’s or your email account is compromised. Without the decryption password, encrypted files cannot be viewed by anyone, including yourself. Please do not use your UCD email account as a record management system and you should delete emails on a regular basis, including emails in the “sent” email folder.

HEAnet FileSender:

• FileSender is a web based application that allows users to securely and easily send large files to other users. The purpose of the software is to send a large file to someone, have that file available for download for a certain amount of time, and after that time has elapsed automatically delete the file.
• A user does not need an account to download a file and users without an account can upload a file if they are sent a voucher by a user who has an account.
• Since 2016 FileSender includes an option to securely encypt files before sharing or sending them. Once they are encrypted with a strong password the information is safe should the files accidentally go missing. It is important that when sending encrypted files, you send the password separately. For example, if you email an encrypted file, then send the decryption password using SMS or call the person directly.