Security
How do I keep my data secure?
How do I manage security when working away from the University?
How do I encrypt my data?
How should I get rid of confidential data?
Further reading
Who can help me with security at the University of Glasgow?
You can guard against malicious and unintentional damage to data by controlling access so only authorised people can read, edit or use it. The level of security you apply depends on how sensitive your data are and the severity of risk posed by breaches. Personal and confidential data typically require higher levels of security, as they are subject to legislation such as the Data Protection Act.
You can create strong, memorable passwords by by substituting numbers and symbols for letters e.g. 'Universitas' becomes Un1versit@s
Here are some basic security tips:
- Use physical locks and protect your computer (press 'ctrl' + 'alt' + 'del' to lock workstation);
- Use strong passwords, change them periodically – and don’t share them! (University password policy);
- Choose appropriate storage – University storage is more secure than online file sharing services, and non-networked storage is better for sensitive data;
- Update your firewalls and antivirus software. (IT Services software updates);
- Ask your administrator or IT support person to review and update who has read-only and edit rights for shared drives;
- Record and monitor who accesses data so you can track changes;
- Where appropriate, anonymise data or separate content according to security needs e.g. public health studies store personal data about research participants apart from the main study data;
- Use encryption to transfer sensitive data securely e.g. by encrypting data on portable media or using encrypted transmission services such as the Virtual Private Network (VPN).
Physical records need the same degree of care. Confidential data should be kept in locked filing cabinets in locked rooms and disposed of securely.
How do I manage security when working away from the University?
You probably need to access documents and files from home or when you’re away from the office, so what is the most secure way to do this?
Transferring files by email is very fast and convenient, but bear in mind that it’s not secure and increases storage requirements eight-fold!
- Use the Virtual Private Network ('VPN') so you’re protected by the University security protocols and can transfer data securely.
- If you use networked storage and have a GUID, you can access your files remotely using Standard Staff Desktop remote access;
- You can also use portable storage media, such as USB sticks, or online file-sharing systems to transfer data, but bear in mind that these are less secure. Encryption makes these options more secure.
Further guidance is available on options for secure remote access and choosing portable storage media.
Encryption allows you to protect confidential data on your machine and whilst it is in transit. TrueCrypt is a free, open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux. IT Services provide guidance on installing and using TrueCrypt, as well as how to read encrypted drives.
It’s useful to keep a secure note of passwords, e.g. on paper in locked filing cabinets or in an encrypted digital file, as you and others will need these in the future.
How should I get rid of confidential data?
Papers and data that contain sensitive information and therefore have a selected readership need to be disposed of carefully.
- Small amounts of paper can be destroyed using a cross-cut shredder and put in office paper-recycling bins;
- Large volumes of paper should be disposed of by the confidential waste service;
- Computer equipment and storage media should be destroyed via CCL (North) Ltd – the University’s approved contractor;
- CDs can be destroyed on a machine held by the Data Protection Office.
The Data Protection and FoI Office provides guidance on the disposal of records and IT Services provide details on disposal of IT equipment.
University of Glasgow IT services security tips [WEB, c. 5 pages]
A guidance webpage covering a variety of security topics including physical and workstation security, software downloads and MD5 hashsums.
Who can help me with security at the University of Glasgow?
The IT Services help desk can provide more advice on the options available to you for data security.
Email helpdesk@it.gla.ac.uk.
Phone: 0141 330 4800
The Records and Information Management Service in the Data Protection and FoI Office can be contacted if you require further guidance or advice on the topic.
Email: recman@gla.ac.uk.
Telephone: 0141 330 3111