Your research data and intellectual property are valuable, not only in the pursuit of knowledge for the betterment of society, but also to cybercriminals who seek to steal it or hold it ransom. According to the Federal Bureau of Investigation intellectual property theft is a growing threat in the digital era, and much of the threat occurs in places where “laws are lax and enforcement is more difficult.”
The theft or ransom of intellectual property and research data begin with unauthorized access to valuable information. Unauthorized access occurs through various pathways, intentional and unintentional. Hackers may gain access to our systems and your research by installing malware, capturing login credentials through a phishing attack, or stealing an unprotected device such as a laptop or cellphone. Unauthorized access and disclosure can also happen accidentally—a research assistant retains login credentials to a folder after they are no longer involved in the project, passwords are shared by members of the team, research data are sent in an unencrypted email, or data are disposed of insecurely, for example.
Universities are especially prone to security breaches for several reasons—thousands of students, faculty, and staff have login credentials that hackers can use to access the system; users may not feel personally responsible for securing university resources; universities house and manage troves of extremely valuable and sensitive data; and universities often engage with third-party service providers (e.g., cloud storage providers).
You can help protect your research data, intellectual property, and university resources by usingthe following strategies:
Avoid emailing sensitive information and protected data. Instead, use a secure file sharing service such as WUSTL Box to collaborate and share your research and data. WUSTLBox allows you to:
- Easily grant and revoke access to your files.
- Maintain a backup of your files, incorporating contributions and changes made by collaborators.
- Save versions of your files so you can easily restore them to an earlier state.
- Keep a record of access and activity for your files and folders.
Be Selective When You Share
Only grant permission to those who really need access. Remember to stop sharing your data if someone leaves your research team or no longer need access.
Use Strong Passwords and 2FA
Always use strong, unique passwords for each account. Turn on 2FA wherever possible to add an extra layer of security.
Encrypt Your Devices
Use a passcode and use services such as BitLocker and FileVault to encrypt your device. If the device is lost or stolen, your data will not be vulnerable to unauthorized access and use.
Physically Secure Your Devices
Treat your devices as if they are valuable. Never leave them unattended in public locations. Find additional device security recommendations in our Securing Devices guidance.
Be on guard for phishing attacks trying to get at your login credentials. Don’t reply to urgent requests for your personal information or passwords.
Use a loaner laptop when you travel. These laptops are preconfigured to maximize security. If your device is lost or stolen while you’re traveling, your data will still be safe, and you won’t lose your familiar machine. Find additional travel guidance here on our Travel page.
Use Vetted Services
The Office of Information Security engages in security reviews of products and software. Use these approved products to ensure better security and support when you need it.
Securely Reuse and Dispose of Devices
Before you dispose of a device or pass it along to a new user, make sure all protected and confidential data is rendered unrecoverable. Contact the Office of Information Security for assistance.