From the Dean's Desk: Security, security and more security
A new world order is threatening our data. And I can see that everyone is taking it very seriously, because we have a great responsibility to protect our work and, not least, the people who provide information about their lives for our research, or blood samples or tissue.
"From the Dean’s Desk" – a column in Inside Health
Shortly after a meeting in the Academic Council at which we talked about involvement, I received an email from one of the members of the council. She had thought about our discussions and suggested that I write directly to employees at Health in the faculty's newsletter. She suggested that I could write about some of the initiatives currently on my desk, so that all employees can keep abreast of some of the things we’re working on at the faculty.
I think it's a brilliant idea - thank you! I intend to continue this column once a month from now on.
It’s staggering. When I was an active researcher a few years ago, data security was by no means the first thing I considered in a research project. Of course, security had to be in place, but the fear that malicious, foreign powers could gain access to my data was not top of mind.
Now we’ve woken up to a new world order, and data security has become a central issue throughout the university. Together with our IT department, I spend a lot of time working on how best to protect our data, so that researchers don't just consider it a hassle, but see it as a much needed and critical shield.
I’m experiencing ever greater awareness of the importance of protecting the data we work with. Department heads take data security very seriously, and researchers now incorporate security into their routines as naturally as taking hygiene precautions in the laboratory.
This responsibility is particularly great here at Health, where we store and process large amounts of sensitive and confidential information on a daily basis.
People who entrust us with personal data or biological material must be confident that we are doing everything in our power to store it safely. Data security is also crucial for our external partners. At any moment, a single data leak or a serious cyberattack can challenge the outside world's trust in us – a trust that is vital if we are to be able to carry out our work. Not only now, but also in the future.
Fortunately, our researchers are careful not to store and share data on private computers, separate hard drives, Dropbox, USB sticks and emails, but instead they use the secure and thoroughly tested solutions provided by AU.
I'd like to mention a few examples from our departments: Both internal and external researchers can work with sensitive data through virtual desktop infrastructure (VDI) without the data physically leaving our secure IT environments. Most recently, we introduced ERDA and SIF as supplements to RedCap for storing research data, and security checks of our IT systems for collecting data in clinics and laboratories are being performed at several places.
The IT department can lend us specially secured phones and PCs if we are travelling to unsafe third countries such as Russia, Iran or China, where we are no longer allowed to bring work computers and phones due to the risk of data theft.
Security is not solely the responsibility of the individual researcher or department. The senior management team has developed a plan to improve cyber security at AU. Most new initiatives will go unnoticed; they’ll take place in the "server room". But there will also be solutions that may be perceived as restrictive. These protect our work and, not least, the people who have provided information about their lives, blood samples or tissue for our research.
Although these extra precautions may seem cumbersome, they’re crucial, because we’re determined never to jeopardise our knowledge and data or the outside world's trust in us.