Storing and sending data securely

There are various ways you can securely store data. Use them well.

Storing data safely

There are several ways to store data securely. For the safe storage of company data, it is best to use your personal OneDrive or Teams. This will keep your data safe. With shared files, always make sure that confidential data is only accessible to authorised users. So check the read and write permissions on files and folders.

Do you still use a USB stick, external hard disk, your laptop or the cloud for data storage? Then observe the following safety measures.

Storing data securely on a USB stick

Information stored on a memory stick can be secured in two ways. You can use a hardware-encrypted memory stick (A) or special software to secure a regular memory stick (B).

There are many different brands and not all are equally safe, so make sure to be informed. Some recommendations are:

  • The IronKey Basic S250 has been approved by the Dutch government for the storage of confidential data.
  • The Kingston DT 4000 encrypted USB stick is a high-quality, cheaper alternative with an adequate security level (FIPS 140-2 level 2, strong encryption, strong casing, limited number of log-in attempts, strong password requirements).

The IronKey memory stick is better because it has additional physical security features. Cheaper hardware-encrypted memory sticks such as those made by Corsair tend to be less safe.
Note that with the more secure memory sticks, the stored data will be destroyed after a certain number of incorrect password entry attempts (e.g. ten).

B. Software for securing your USB stick

Another option is using encryption software (e.g. VeraCrypt). However, this also has some drawbacks, since it requires more knowledge and effort and you are not forced to use a strong password as with the hardware-encrypted memory sticks recommended above. You can also select specific files or folders on your memory stick to secure, for instance using AES Crypt.

Storing data securely on SURFdrive

SURFdrive is a personal cloud storage service for the Dutch higher education and research sector, which lets employees easily store files and share these with users at fellow institutions and with external users via a registered email address. If you work with AUAS staff, you can collaborate with them using SURFdrive.

SURFdrive complies with all Dutch and European privacy legislation. For example, SURFdrive has conditions of use that ensure data safety during use as well as retention of ownership of your own data. Data is securely stored in the Netherlands and never made available to external parties. Consequently, your data is safe – on the condition that you encrypt all your confidential data.

Encrypt (highly) confidential business information on SURFdrive

If you use SURFdrive to store highly confidential business information (e.g. relating to tenders, or a large quantity or special personal data), you must encrypt them, for example using AES Crypt or .ZIP software such as 7-Zip. Encryption is also recommended when storing confidential data, as there is always a risk of data ending up on an unsecured device via synchronisations.

Dropbox: not suitable for the storage of confidential AUAS information

Dropbox is not suitable for the storage of important or confidential AUAS information. Although Dropbox does provide security, backup and access facilities, there are a number of drawbacks:

  • Cloud services such as Dropbox are American companies governed by American law and therefore do not comply with Dutch and European legislation regarding the protection of personal information.
  • Though files are encrypted, no end-to-end encryption is used and no guarantee exists that they cannot be accessed by others. Theoretically, Dropbox itself can also view files.
  • The verification file needed to gain access to data in a Dropbox account can be transferred to another PC, enabling unauthorised individuals to gain access to your files without needing login details.
  • AUAS is unable to offer any help or support in the event of theft.

Encrypt confidential data before sending

When transferring/emailing confidential information, such as research data and/or personal details, always encrypt the files first. You can do so using .ZIP software with an encryption function, such as Winzip of 7-zip.

Published by  ICT Services 30 June 2022