Amsterdam University of Applied Sciences

Saving and sending data securely

When saving important or confidential data, your best choice is to use the AUAS's central storage services: the AUAS network (W, T and U drives) or MyAUAS. Your data are kept safe here and backups are made of your files. If you share files, make sure that confidential data are only accessible to authorised individuals by checking the reading and editing rights on files and folders. MyAUAS is not suitable for storing highly confidential data (e.g. special personal data). We advise you not to save data on a USB memory stick, external hard disk, laptop or in the cloud. If you do so anyway, be sure to observe the following safety precautions. Always encrypt confidential data before sending.

USB memory stick

Information stored on a memory stick can be secured in two ways. You can use a hardware-encrypted memory stick (A) or use special software to secure a regular memory stick (B).

A. Recommended hardware-encrypted USB sticks

There are many different brands and not all are equally safe, so make sure you are well informed. Some recommendations are:

  • The IronKey Basic S250 has been approved by the Dutch government for the storage of confidential data.
  • The Kingston DT 4000 encrypted USB stick is a good cheaper alternative with an adequate security level (FIPS 140-2 level 2, strong encryption, strong casing, limited number of login attempts, strong password requirements).

The IronKey memory stick is better because it has additional physical security features. Cheaper hardware-encrypted memory sticks like those made by Corsair tend to be less safe.
Note that with the more secure memory sticks, the stored data will be destroyed after a certain number of incorrect password entry attempts (e.g. ten).

B. Software to secure your USB memory stick

Another option is using encryption software (e.g. VeraCrypt). However, this also has some drawbacks as it requires more knowledge and effort and you are not forced to use a strong password as with the hardware-encrypted memory sticks recommended above. You can also select specific files or folders on your memory stick to secure, for instance using AES Crypt.

Dropbox: not suitable for confidential AUAS data

Dropbox is not suitable for the storage of important or confidential AUAS data. Dropbox does provide security, backup and access facilities. However, there are a number of drawbacks:

  • Cloud services such as Dropbox are American companies governed by American law and therefore do not comply with Dutch and European legislation regarding the protection of personal information.
  • Files are encrypted, but not using end-to-end encryption, so there is no guarantee that they cannot be accessed by others. Theoretically, Dropbox itself can also view files.
  • The verification file needed to gain access to data in a Dropbox account can be transferred to another PC, enabling unauthorised individuals to gain access to your files without needing login details.

AUAS is unable to offer help or support in the event of theft.

Always encrypt confidential data before sending

When transferring/emailing confidential information, such as research data and/or personal data, always encrypt the files first. You can do so using .ZIP software with an encryption function, such as WinZip or 7-Zip.

 

Published by ICT Services, 4 September 2018