Text reads "Is your research data secure?" on blue background

Is Your Research Data Secure?

April 24, 2023 News, Security Posts

By Iris May-Fleming, Media Intern

Researchers put a substantial amount of time, money, and effort into the data that they produce, so keeping that data safe and secure is important for maintaining research integrity, and making sure that valuable resources are not lost. ARCSIM’s data security analyst Melissa Kimble urges researchers to take simple and easy steps to increase data security while working with sensitive data.

The first recommendation is to use a UMS IT managed device if you’re able. All UMS Managed devices include tested and enforced patching, tested and standardized hardware, and incident response. Incident response means that any potential viruses will trigger a feedback loop involving the Information Security Office, ultimately serving to help prevent future incidents. “When you have a managed device you not only have anti-virus protection, but a team of technical security experts.” Kimble explained. 

Keeping your computer updated is an essential way to protect your system from vulnerabilities that could allow malware to infect your device. “The number one fixable source of vulnerabilities in your system is updates.” Kimble said, explaining how updates patch potential software issues that would allow malware to get into a computer system. 

While Microsoft Defender is sufficient on UMS IT Managed devices, Kimble encourages researchers to install antivirus software on their personal computers as well, such as ESET Internet Security. Some antivirus softwares simply detect malware, some can also contain and eradicate malware and potentially recover lost data. 

Another important cybersecurity measure is awareness and training. “If you don’t know something is there, then you don’t know how to avoid it.” Kimble explained. A large part of the new National Security Presidential Memorandum (NSPM) 33 provides stricter training requirements for research universities. This heightens data protection for federally-funded projects by mandating data security training, and while the UMS Academy currently has some training on basic cybersecurity, these will expand over time to meet federal requirements. 

Creating a data backup plan is another essential step to protect against a single point of failure. Even if data is backed up on the cloud, having an additional disconnected backup can help mitigate risk. For example, ransomware has become so sophisticated that it can affect cloud data if the backup is continuously syncing when ransomware strikes.

While multi-factor authentication (MFA) may seem tedious, it is a simple way to verify your identity. Enabling MFA makes it more difficult for malicious actors to gain access to your accounts, even if your login credentials have been stolen. Along with MFA, having strong passwords may seem obvious, but it’s still important, and being careful to use unique credentials for each website mitigates the impact of a data breach. 

Device encryption, otherwise known as “encryption at rest”, is another important cybersecurity measure to consider. “Device encryption mitigates data compromise in the event of a lost or stolen device,” Kimble explained. She encourages researchers to use Bitlocker or FileVault 2 as easy ways to make sure that data on portable devices are protected if they are ever lost or stolen. 

Working in a coffee shop may be convenient, but accessing data in public places has security risks. When you’re working on a computer in public, people are able to physically see the screen, and potentially observe private information, so it is important to have situational awareness, and only access private data in a physically secure workplace. 

Flash drives can spread infections, even unintentionally. When someone uses a flash drive on a computer with malware, the flash drive can then spread malware to other computers when it is inserted, so avoiding unknown flash drives is a simple way to avoid malware. 

Another key tip is to avoid public Wi-Fi networks whenever possible. If a malicious actor has positioned themselves to intercept your traffic, they can monitor unencrypted transmitted data. If public Wi-Fi must be used, a VPN, which provides encryption in transit, and only accessing HTTPS websites are ways to mitigate risks associated with public Wi-Fi.

Kimble encourages researchers to contact her at melissa.kimble@maine.edu with questions about data security, attend ARCSIM seminars for general information, or contact ARCSIM at um.arcsim@maine.edu.