Posting information via Social Networking sites (i.e., Facebook, Twitter, etc.)
If you answered yes to any of the above, then please take the time to answer the following questions:
Privacy and Confidentiality
How will the company store your data protect the privacy and confidentiality of your data?
Ask them what encryption they use for "data at rest," "data in motion," and "data in transit."
Carefully review all terms and conditions and privacy policies before posting potentially sensitive data or risky data to third party sites. Look for key things such as:
Who do they share information with?
What protections are in place for your stored data?
What happens to your data if they go out of business or a merger takes place?
Who do you contact for technical assistance? What are the hours of their help desk?
How will the company storing your data protect the Integrity of your data?
How can unauthorized modification be detected?
The answer should be along the lines of "we have security staff that regularly monitor to detect unauthorized access or unauthorized changes." Ask for a reference to their policy or internal guidelines that state that this is what they do.
How will the company partner with AU in the event of a cyber breach?
Use caution, if connecting to the Internet via a public wireless service such as an "Internet Café" or "Hotel" service to upload documents to your "private e-mail." Cyber criminals often monitor and intercept unprotected wireless traffic.
How do you protect yourself?
Ensure that the web page you are typing your login credentials (username and password) into uses SSL (secure socket layers). You will know this by looking at the web page address. It should begin with https:// and several browsers, for example Internet Explorer, illustrate that a web page uses SSL by adding an icon of a locked lock at the end of the web page address field.
Consider changing your password more frequently than you normally would to protect your e-mail access should a cyber criminal discover your credentials, when you figure it out your credentials have been exposed (if you do), it will be too late.
Remember to create strong passwords. Combine mixed case and a symbol or two and make the password as long as possible at least 8 characters. Avoid using words found in any language found in any dictionary.
Consider using encryption to protect your data on your system from prying eyes.
Personal computer? One encryption product that is free and used by many security professionals is a product called TrueCrypt available for download at http://www.truecrypt.org/downloads.
University issued computer? Should already be encrypted using the University's licensed product, PGP. If your University-owned laptop is not encrypted, please call the Help Desk at 202-885-2550 to schedule an appointment.
Portable USB devices with encryption and password protection. Many retail stores, such as Best Buy, sell these devices. If research data is recorded and transcribed directly to this type of device, it would ensure that the data is protected between the time it is being received and up until it is transferred to another storage location.
Note: Some countries prohibit the use of encryption please refer to the University's Export Control Policy
If you are concerned about "seizure of your field notes," and can't use encryption, consider USB thumb drives, as they are small and easier to conceal.