Good data security is about more than confidentiality - it’s about protecting academic, business, research and personal data against loss due to accident or technical problems.
It is strongly recommended that you follow 3 basic steps to protect your data:
- Backup your information, make full use of your network storage drive (X drive) which is regularly backed up and protected by Institute systems.
- Make use of your Institute’s Microsoft OneDrive for Business as secondary backup location. Students can avail of other free cloud service providers such as Google Doc or Dropbox.
- Make use of encryption for sensitive or confidential information both for storing and transmitting.
Check out the below sections for more information on backup and encryption for storage, portable devices and for sending information securely.
Note: Please not availing of any of the above free cloud storage is an agreement between you and storage provider.
Backup
The personal data stored on our devices is often irreplaceable. Regular backups can help to protect your important documents, photos, music, videos and contacts.
At work, staff must preserve the confidentiality, integrity and availability of Institute data. Failure to do so could lead to financial penalties and reputational damage to the Institute.
Staff should store Institute data on only approved storage locations, check out storage sections for further information. Confidential information must be encrypted stored on a mobile device.
For students, it is highly recommended that you regularly backup data to media as USB (Memory Stick) or external hard drive. It is recommended students should avail of their student OneDrive for Business by Microsoft, check out OneDrive for more information.
Student Tip: With USB Memory sticks or external hard drives, make sure you create a file on the drive with your student ID. All student’s at least once will lose their external device, with student ID we can quickly return it to you.
Encryption
Encryption is the conversion of data into a form called cipher text that cannot be easily understood by unauthorised people. The purpose of encryption is to protect confidential or personal information during transmission over the network or unauthorised access in the event a portable device or removable media is lost or stolen.
If your portable device (laptop, tablet, smartphone) or removable device holds confidential LYIT data, particularly human subject data that is govern by Data Protection Act, then this confidential data must be encrypted.
Please check our Encryption Protection Standard document for full guidance in relation to using encryption technology to protect data stored or data transmitted electronically
Best practice is for electronic information to reside on secure Institute servers. When it is absolutely necessary to store personal or confidential data on removal media or portable devices then encryption is required. Any personal or confidential data should be only stored on encrypted removal media or portable device for a short period of time and deleted when no longer needed on the device.
The following safeguards are required to be adhere to when storing electronic documentation (personal or confidential data):
Removeable Media
- Optical storage (CD/DVD/Blue-ray) shall not be used to store electronic documents that is deemed to be personal data or confidential data.
- Only use hardware encrypted USB pen drives, known products in LYIT include, but not limited to are Integral Crypto Drive , IronKey, Kingston Data Traveler 4000 managed and Kanguru Defender 2000.
- Only use hardware encrypted external hard drives, known products in LYIT include, but not limited to are, Western Digital MyPassport portable hard drive.
- In circumstances where hardware encryption devices are not available, then it is recommended to use software encryption tools such as Microsoft BitLocker (only available in Window 10 Enterprise or Ultimate) or VeraCrypt (open source\free tool).
Portabel Devices
- All TPM supported laptops issued to staff are encrypted by default using Microsoft Windows BitLocker.
- Authorised staff who are storing any personal data or confidential data on their Institute laptop device should contact Computer Services Helpdesk to confirm if their device is BitLocker enabled.
- Guidance on how to encrypt personal tablets and smartphones are available on YouTube.
Data Transmission
In order to protect personal or confidential data been transmitted using e-mail then the following safeguards are required to be adhere to when transmitting electronic documentation:
- Compress files .zip or zipx formats using 7Zip, WinZip, or equivalent product using the 256-bit Advance Encryption Standard (AES) features or
- Encrypt the document (Microsoft Word, Excel, PowerPoint and Adobe Acrobat) using the built in encryption features within Microsoft Office (versions: 2013, 2016, 2019) or Adobe PDF.
- Ensure a strong password or pass phrase is generate to encrypt the file.
- Communicate the password or pass phrase via a telephone call to your recipient. Do not provide the password or pass phrase by e-mail.
Please remember, while attachment is encrypted, the content of the e-mail message will not be encrypted so it is important that any sensitive or confidential information be contained in the attachment (encrypted document).
Any LYIT information Systems are Services which have the potential to communicate personal data over un-secured data communication networks such as the Internet, shall use cryptographic protocols that provide security for communication over networks e.g. TLS or SSL.
Authorised staff who is required to transmit personal or confidential data over un-secured data communication networks such as the Internet to Institute approved 3rd parties must ensure that cryptographic protocols are used to secure the communication e.g. web page uses SSL (https://upload.lyit.ie) or using secure File Transfer Protocol (SFTP),li FileSender (FileSender.heanet.ie) etc.
Staff should seek advice from the Computer Services Department to confirm if transmission of confidential or personal data over the network conforms to the required security protocol.