Tips for Securing Your Data
Whether you make use of research data, student information, or your own carefully crafted spreadsheets and documents, the information you store on your devices is at the core of your daily work. Things as simple as e-mail messages can contain surprising amounts of sensitive information.
It is vital that you store sensitive data in secure locations, and that you use secure methods of transmission when you need to share the data with others.
Data Security Tips
Follow these tips to ensure your information remains confidential and accessible.
Know where your data is stored—and who has access to it.
If a sensitive attachment is saved in your email, and you have your email synced to multiple devices, the sensitive attachment is on all those devices. Mobile devices also frequently enable automatic backups to iCloud, Google Drive, or some other cloud storage associated with your account, which may mean you are inadvertently transferring sensitive data into the cloud. Knowing where your data is located allows you to put proper protections in place around it, including restricting access to only those people who should have it.
Protect your identity and login credentials.
Your security questions and credentials are used to access many of the online accounts, file shares, backups, and other storage locations in which you keep your sensitive data. Avoid phishing attempts, create strong passwords, and use Multi-factor Authentication where possible: protect your identity (make this a link to the Checklist for Securing Your Identity) to protect your information.
Protect your devices from malware and theft.
Your sensitive data is only as secure as the device on which it is stored. Malicious software can create entry points into your system that allow hackers to extract your data, and can even allow them to log keystrokes to acquire passwords and other sensitive information as you type.
In addition, physical theft can allow unauthorized individuals to access your sensitive data. Secure your devices with encryption, updates, and antivirus software to secure the information you store on those devices.
Back up your data regularly.
Securing your data doesn’t only mean protecting it from prying eyes; you also want to ensure that your data can’t be changed or deleted without your authorization. Backing up your data early and often ensures that you can regain access to some version of your files even if a device storing those files is lost, stolen, or otherwise compromised.
Avoid storing sensitive information on the same device you use for browsing the web.
On your entertainment devices, the odds are high that you will be clicking on links you’ve never visited before in order to read articles or play games, which puts your device at increased risk for infection.
Consider storing sensitive information in a secure, remotely accessible location.
Storing sensitive information in a secure, remotely accessible location rather than on your devices, decreases the chances of data being lost due to theft or malware, as the device you’re using does not necessarily have to store copies of your sensitive data.
This is an especially good idea if you must use the same device for both entertainment and sensitive information processing, as your chances of malware infection are increased.
Ensure that websites are using encryption.
Before entering sensitive information, including credentials, look for signs of an encrypted web page: key identifiers include a URL for the website's login page that begins with "https" and a green padlock icon somewhere in or near your URL bar.
Do not transmit sensitive information on public networks.
This includes login credentials for accounts containing sensitive information. VPNs, such as Northwestern VPN, encrypt traffic sent over a network, and should be used any time you connect to networks that are shared with strangers (e.g., airports, cafes, hotels, etc.).
Dispose of sensitive information properly.
Though storage is cheap and it may be tempting to keep data forever, it poses a security risk as long as it exists. If you don’t need sensitive information any longer, or have a method of removing only the sensitive data within the file, it is worth deleting.