The following are simple, but good security practices. They should be applied regardless of whether or not your research data seem sensitive.
Don’t store your research data in free cloud solutions such as Google Drive or DropBox.
Make sure your storage solution is appropriate for the security risks posed by your data. Use this guide on VU storage options to help you.
Portable media should only be used temporarily, e.g. for physically transporting data. Use this guide for further information on how to protect your data during transport.
VU-approved storage solutions have automatic back-ups to prevent data loss; if you only use portable media and/or your local hard drive for storage you have to set up back-ups yourself.
If you need to temporarily store data on your computer’s local hard drive, make sure to wipe the data from your hard drive when you are finished.
Enable full disk encryption on your laptop to prevent unauthorized access to data on your hard drive should your laptop be stolen or lost.
Always require a strong password to login to your laptop and update it regularly.
When working at the VU, keep your laptop secured to your desk and store it in a locked cabinet when you are done for the day. When offsite, don’t leave your laptop unattended.
Remove all data stored locally on your laptop before travelling with it internationally. Contact the IT Service Desk (email@example.com) for further advice if you need to travel abroad with your laptop.
Avoid the use of public Wi-Fi. If you absolutely need to use it, activate eduVPN while connected.
MacBook users should turn on the Firewall (via System Preferences > Security & Privacy). The Firewall is already active for Windows users.
Don’t access the VU-network (G-drive or H-drive) when travelling abroad and don’t use public workstations such as internet cafes to access research data. Contact the IT Service Desk (firstname.lastname@example.org) for further advice if you need to access your research data from abroad.
Don’t open links found in suspicious e-mails. You can forward any suspicious e-mails as an attachment to the IT Service Desk (email@example.com) so that they can update their security protocols, but then delete the e-mail immediately.
Make sure your computer has an active virus scanner running on it.
Use strong passwords. Make them long (15 characters or more) and include capital and lower-case letters, as well as numbers and special characters. To help with remembering passwords, use passphrases rather than one long work and replace some of the letters in the phrase with numbers and special characters.
Have a plan for managing passwords. This is especially important when several people need to know these passwords, as well as to prevent loss of access to the data when a staff member leaves the VU.