IRB Data Management Security Tips

The following security tips are recommended to help manage and protect confidential human subject data. For specific information regarding computer security, please consult with University Technology Services (UTS) at Florida International University (FIU).

Computer Security

  • Make regular back-ups of critical data
  • Lock your workstation and go offline when not in use
  • Turn your computers off when you leave for the day
  • Use virus and spyware/adware protection software
  • Use a software and/or hardware firewall
  • Use an uninterruptible power supply (UPS)
  • Regularly download software security patches

Password Management

  • The longer the better
  • Should be changed every 3 months
  • Should not be found in any dictionary in any language
  • Never write them down or share them with anyone
  • Use alphanumeric characters
  • Misspell woords & add speshul ch@ract3rs
  • Easy to remember phrases can equal complicated passwords

Physical Security

  • Keep confidential documents off your desk
  • Do not share your access
  • Take note of strangers in your area
  • Use laptop locking devices
  • Keep a record of make, model, serial number
  • Do not store laptops in your automobile
  • Store confidential data in a water/fire proof safe

Internet Data Collection Security

  • IP addresses can identify an individual’s computer
  • Use a sophisticated website script that prevents people from abusing and spamming your online data collection
  • Email is not a secure method of data collection. If you must use email, you should use “encrypted” email (e.g., PGP encryption).

Internet Web Server Concerns

  • Is SSL utilized to secure the transmission of data?
  • What security measures are in place to protect the stored data? Is the data routinely backed up?
  • What does the company do with the information gathered from visitors? How long are log files kept?
  • What does the organization do with the data at the end of the research project?
  • What are their privacy and confidentiality policies?

Cloud Computing

  • Examples include the following types of third party services: Social Networking Services, Online Backup Services (e.g., Dropbox), Google Docs, Network Storage, Web-based Email (e.g., Gmail, Hotmail).
  • Identifiable research information cannot be stored on a third party cloud computing environment unless specifically approved by UTS and the IRB.
  • Information stored in a cloud computing environment may be considered the cloud vendor’s data. If you opt to use these services for storing anonymous data, be aware of the vendor’s usage policy and privacy policy.
  • The FIU Office of Research Integrity advises against the use of cloud computing in the research setting.
  • Alternatives to third party cloud computing services can be configured with UTS on secure FIU managed servers and/or Microsoft SharePoint.

Types of Confidential Information

  • Financial information
  • Medical information
  • Personal information (e.g., SSN, birthdates, etc.)
  • Academic records (e.g., grades, evaluations, etc.)
  • Identifiable human subject research
  • Industry secrets and defense research
  • Patentable research

Protecting Confidential Data

  • Use encryption to protect confidential files
    • Windows XP Professional has the Encrypting File System (EFS)
    • Windows 7 has BitLocker Drive Encryption
    • Third party programs can offer high levels of encryption (e.g., AES, Blowfish, 3DES, etc.)
  • Store all critical information on removable media with encryption
  • Keep confidential files off of network drives
  • Remove identifiers and randomly code confidential data

Disposal of Confidential Data

  • Cross-cut shredders are better than strip-cut shredders to destroy paper-based confidential data.
  • Data ARE NOT completely deleted off of your hard drive when you click the delete button, empty the recycle bin, or reformat the hard drive on your computer.
  • Data should be securely deleted from your hard drive by using a data erasing software program that is designed to completely remove sensitive data.

Free Security Programs

The following free programs are alternatives to paid software applications. However, they are not supported by Florida International University (FIU), so they are to be used at your own risk. FIU is not responsible for any loss or damage (including but not limited to any damage to any computer system, software, or data) as a result of using these programs. Please review the license agreement for each software application prior to installing it on your computer.

Anti-Virus

Adware/Spyware Remover

Firewall

File Archiver/Zip Utility

Folder Synchronization Backup Utility

Temp File Cleaner

Secure File Erase Utility

Secure Drive Erase Utility

Secure File Encryption Utility

Secure Drive Encryption Utility

Password Manager