The following list of security tips are recommended to help manage and protect confidential human subject data. For specific information regarding computer security, please consult with the University Technology Services(UTS)at Florida International University (FIU).
- Make regular back-ups of critical data
- Lock your workstation and go offline when not in use
- Turn your computers off when you leave for the day
- Use virus and spyware/adware protection software
- Use a software and/or hardware firewall
- Use an uninterruptible power supply (UPS)
- Regularly download software security patches
- The longer the better
- Should be changed every 3 months
- Should not be found in any dictionary in any language
- Never write them down or share them with anyone
- Use alphanumeric characters
- Misspell woords & add speshul ch@ract3rs
- Easy to remember phrases can equal complicated passwords
- Keep confidential documents off your desk
- Do not share your access
- Take note of strangers in your area
- Use laptop locking devices
- Keep a record of make, model, serial number
- Do not store laptops in your automobile
- Store confidential data in a water/fire proof safe
Internet Data Collection Security
- IP addresses can identify an individual’s computer
- Use a sophisticated website script that prevents people from abusing and spamming your online data collection
- Email is not a secure method of data collection. If you must use email, you should use “encrypted” email (e.g., PGP encryption).
Internet Web Server Concerns
- Is SSL utilized to secure the transmission of data?
- What security measures are in place to protect the stored data? Is the data routinely backed up?
- What does the company do with the information gathered from visitors? How long are log files kept?
- What does the organization do with the data at the end of the research project?
- What are their privacy and confidentiality policies?
- Examples include the following types of third party services: Social Networking Services, Online Backup Services (e.g., Dropbox), Google Docs, Network Storage, Web-based Email (e.g. Gmail, Hotmail).
- Identifiable research information cannot be stored on a third party cloud computing environment unless specifically approved of by UTS and the IRB.
- The FIU Office of Research Integrity advises against the use of cloud computing in the research setting.
- Alternatives to third party cloud computing services can be configured with UTS on secure FIU managed servers and/or Microsoft SharePoint.
Types of Confidential Information
- Financial information
- Medical information
- Personal information (e.g., SSN, birthdates, etc)
- Academic records (e.g., grades, evaluations, etc)
- Identifiable human subject research
- Industry secrets and defense research
- Patentable research
Protecting Confidential Data
- Use encryption to protect confidential files
- Windows XP Professional has the Encrypting File System (EFS)
- Windows 7 has the BitLocker Drive Encryption
- Third party programs can offer high levels of encryption (e.g., AES, Blowfish, 3DES, etc.)
- Store all critical information on removable media with encryption
- Keep confidential files off of network drives
- Remove identifiers and randomly code confidential data
Disposal of Confidential Data
- Cross-cut shredders are better than strip-cut shredders to destroy paper-based confidential data.
- Data ARE NOT completely deleted off of your hard drive when you click the delete button, empty the recycle bin, or reformat the hard drive on your computer.
- Data should be securely deleted from your hard drive by using a data erasing software program that is designed to completely remove sensitive data.
The following free programs are alternatives to paid software applications. However, they are not supported by Florida International University (FIU), so they are to be used at your own risk. FIU is not responsible for any loss or damage (including but not limited to any damage to any computer system, software, or data) as a result of using these programs. Please review the license agreement for each software application prior to installing it on your computer.
File Archiver/Zip Utility
Folder Synchronization Backup Utility
Temp File Cleaner
Secure File Erase Utility
Secure Drive Erase Utility
Secure File Encryption Utility
Secure Drive Encryption Utility