Storing and sending data securely

For secure data storage, use: ONEDRIVE

For secure storage of company data, it is best to use OneDrive. It keeps your data safe and backs up files. If you share files, make sure that confidential data can only be accessed by those authorised to do so. So check read and write permissions on files and folders.
Note: OneDrive is not suitable for storing highly confidential data (e.g. special personal data).

Storage outside OneDrive we strongly advise against

Because of the security risks (loss, theft, privacy law, etc.) we strongly advise against storage outside OneDrive! Do you nevertheless use a USB stick, external hard drive or your laptop for data storage? Then observe the following security measures!

Send large and/or confidential files with SURFfilesender

SURFfilesender is a secure SURF service that can be accessed using your AUAS ID.

Send confidential data always in encrypted form

When sending/emailing confidential data - such as research data and/or personal data - always encrypt the files. You can do this with a ZIP program with encryption function, for example Winzip or 7-zip.

Store and share data via cloud service OneDrive

OneDrive is your secure, personal file storage in the Microsoft 365 cloud. With your AUAS account, you can access your personal documents anytime and anywhere because they are stored online.

Would you like to use OneDrive? Then we ensure that your documents are secured with the so-called two-step-verification. You have to set this up yourself when you start using OneDrive.

OneDrive complies with Dutch and European privacy legislation. Easily, OneDrive has terms of use that guarantee safe use, where you remain the owner of your own data. The data is securely stored in the Netherlands and is never given to third parties so your data is safe there - provided you always encrypt confidential data.

Dropbox: not suitable for the storage of confidential AUAS information

Dropbox is not suitable for the storage of important or confidential AUAS information. Although Dropbox does provide security, backup and access facilities, there are a number of drawbacks:

  • Cloud services such as Dropbox are American companies governed by American law and therefore do not comply with Dutch and European legislation regarding the protection of personal information.
  • Though files are encrypted, no end-to-end encryption is used and no guarantee exists that they cannot be accessed by others. Theoretically, Dropbox itself can also view files.
  • The verification file needed to gain access to data in a Dropbox account can be transferred to another PC, enabling unauthorised individuals to gain access to your files without needing login details.
  • AUAS is unable to offer any help or support in the event of theft.

USB stick

Information stored on a memory stick can be secured in two ways. You can use a hardware-encrypted memory stick (A) or special software to secure a regular memory stick (B).

There are many different brands and not all are equally safe, so make sure to be informed. Some recommendations are:

  • The IronKey Basic S250 has been approved by the Dutch government for the storage of confidential data.
  • The Kingston DT 4000 encrypted USB stick is a high-quality, cheaper alternative with an adequate security level (FIPS 140-2 level 2, strong encryption, strong casing, limited number of log-in attempts, strong password requirements).

The IronKey memory stick is better because it has additional physical security features. Cheaper hardware-encrypted memory sticks such as those made by Corsair tend to be less safe.
Note that with the more secure memory sticks, the stored data will be destroyed after a certain number of incorrect password entry attempts (e.g. ten).

B. Software for securing your USB stick

Another option is using encryption software (e.g. VeraCrypt). However, this also has some drawbacks, since it requires more knowledge and effort and you are not forced to use a strong password as with the hardware-encrypted memory sticks recommended above. You can also select specific files or folders on your memory stick to secure, for instance using AES Crypt.

Published by  ICT Services 24 February 2023