The following are simple, but good security practices. They should be applied regardless of whether or not your research data seem sensitive.

Make use of VU-approved storage solutions

Expand for details

  • Don’t store your research data in free cloud solutions such as Google Drive or DropBox.

  • Make sure your storage solution is appropriate for the security risks posed by your data. Use this guide on VU storage options to help you.

Storage on portable media or local hard drives must be temporary

Expand for details

  • Portable media should only be used temporarily, e.g. for physically transporting data. Use this guide for further information on how to protect your data during transport.

  • VU-approved storage solutions have automatic back-ups to prevent data loss; if you only use portable media and/or your local hard drive for storage you have to set up back-ups yourself.

  • If you need to temporarily store data on your computer’s local hard drive, make sure to wipe the data from your hard drive when you are finished.

Be careful with digital data transfers

Expand for details

  • Make sure to consider the security risks posed by your data prior to any digital transfers. Use this guide on digital data transfer to help you.

Use laptops in a secure manner

Expand for details

  • Enable full disk encryption on your laptop to prevent unauthorized access to data on your hard drive should your laptop be stolen or lost.

  • Always require a strong password to login to your laptop and update it regularly.

  • When working at the VU, keep your laptop secured to your desk and store it in a locked cabinet when you are done for the day. When offsite, don’t leave your laptop unattended.

  • Remove all data stored locally on your laptop before travelling with it internationally. Contact the IT Service Desk () for further advice if you need to travel abroad with your laptop.

Be smart with your internet usage

Expand for details

  • Avoid the use of public Wi-Fi. If you absolutely need to use it, activate eduVPN while connected.

  • MacBook users should turn on the Firewall (via System Preferences > Security & Privacy). The Firewall is already active for Windows users.

  • Don’t access the VU-network (G-drive or H-drive) when travelling abroad and don’t use public workstations such as internet cafes to access research data. Contact the IT Service Desk () for further advice if you need to access your research data from abroad.

  • Don’t open links found in suspicious e-mails. You can forward any suspicious e-mails as an attachment to the IT Service Desk () so that they can update their security protocols, but then delete the e-mail immediately.

  • Make sure your computer has an active virus scanner running on it.

Always use strong passwords

Expand for details

  • Use strong passwords. Make them long (15 characters or more) and include capital and lower-case letters, as well as numbers and special characters. To help with remembering passwords, use passphrases rather than one long work and replace some of the letters in the phrase with numbers and special characters.

  • Have a plan for managing passwords. This is especially important when several people need to know these passwords, as well as to prevent loss of access to the data when a staff member leaves the VU.

    • Consider using a password manager that runs offline, such as KeePassXC

Remove data from devices when no longer required

Expand for details

  • When you are returning devices borrowed from TO3, returning a VU workstation at the end of your employment or after you are done with data that you’ve temporarily stored on your personal computer’s local hard drive, make sure to delete all of the data files from the hard drive. You can permanently delete everything on the hard drive, for example when returning VU or TO3 devices, using tools like KillDisk. If you just need to delete specific files, for example from your personal computer, you can use tools like Eraser (Windows-only) or BitRaser File Eraser (for MacOS and Windows).

Report data breaches immediately

Expand for details

  • Even if a data breach is merely suspected, you should report the event to the IT Service Desk () as soon as you become aware of the situation. The issue will be reviewed by experts who can assess the seriousness of the situation and determine what actions need to be taken.

In-depth security guides

Support

The AskIT Helpdesk provides answers to frequently asked questions. If the answer is not there, contact the IT Service Desk directly: .
The Research Data Management Support Desk can be contacted for complex security questions related to your research data.