Security Considerations for Remote Research

Tuesday 06/16/2020

When conducting university research at home, a helpful acronym to keep in mind is CIA—meaning you should take steps to protect the confidentiality, integrity and availability of research data.

Confidentiality
Protecting confidentiality means you are maintaining the privacy of research information to the extent necessary. The first thing you need to determine is the proper classification of your research data and whether it is protected, private or public. Protected information encompasses information deemed confidential under federal or state laws (e.g., HIPAA, FERPA), FSU contractual obligations or privacy considerations. Protected information requires the highest level of safeguarding protection. Private information is not specifically protected by legal or contractual mandates but could cause financial loss, damage to the university’s reputation or violation of an individual’s privacy rights from unauthorized access. Public information can be viewed by anyone. At home, ITS recommends using the FSU virtual private network to create an encrypted tunnel into the FSU network from a home or public network to ensure the data remains secure while you access it. Another important consideration when protecting the confidentiality of information while working from home is to consider your proximity to others. What family members or other individuals are around you who may be able to see or access the data you are working on? Always work in a secluded space and be sure to lock your device if you need to step away.

Integrity
It is also imperative to maintain the structure of the data and make sure there are no unauthorized changes to it during storage, transmission and usage. Access controls and authentication can help protect the integrity of research data. Electronic signatures also can be used to track files through review and approval. When collaborating with colleagues, ITS encourages you to use your official FSU email account, which is protected with a tool that scans incoming messages to make sure they are not infected with malware or other viruses. This level of protection is not always guaranteed with third-party email services such as Gmail.

Availability
Availability implies the data can be readily accessed when needed. As such, it is important to install regular updates for computer security software to protect against malware, ransomware and other viruses that may compromise your research data. It is also important to back up data to a secure, second location. ITS offers Microsoft OneDrive as one cloud storage option. In the modern bring your own device work climate, you assume the liability for protecting data on your home device and must secure your machine accordingly.

Research Tools
ITS offers an assortment of tools, in addition to the ones mentioned above, to assist with your research. Use the links below to explore our available services.

For more on this topic, view the Remote Research Security webinar for the Office of Research Development.