Tips to prevent data leaks
-- THIS PAGE IS WORK IN PROGRESS --
Encrypt your hard drive! How do I do that?
When an electronic work device is stolen, there is a (possible) data leak, and this has to be taken seriously. To limit the damage, we would like to emphasise again the importance of disk encryption.
PLEASE SET UP YOUR DEVICE WITH DISK ENCRYPTION IF YOU HAVEN'T ALREADY DONE THAT!
Every modern operating system offers disk encryption, and setting it up is very simple. See below for how to set it up per operating system.
In Windows this functionality is called 'BitLocker'. This page describes how you can easily set it up yourself: https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838
In macOS this functionality is called 'FileVault'. This page describes how you can easily set it up yourself: https://support.apple.com/en-us/HT204837
For the Unix users among us, there are various options for encrypting your hard drive. Please check the following link: https://www.tecmint.com/file-and-disk-encryption-tools-for-linux/
Tips on preventing data leaks
Below are some tips that can help prevent your account from being abused and a data leak from occurring. More extensive documentation in Dutch can be found on the site of the National Cyber Security Centre (NCSC).
Accounts and passwords
- Do not use your Nikhef email address for private purposes.
- Choose strong passwords, certainly for work accounts or (private) banking accounts. Strong passwords are long (at least 10 characters) and include various types of characters (lowercase and uppercase letters, numbers and special characters like !@#$%^&*()_+;':",./<?>). Passwords that can be guessed because they are based on names or dates are not strong.
- Use different passwords for all accounts and all registrations with web sites.
- To remember all these different passwords, use a password manager like KeePass (https://keepass.info/), LastPass (https://lastpass.com/?lang=en_UK) or Bitwarden (https://bitwarden.com/).
- Do not store passwords in unencrypted files.
- Accounts and passwords are personal. Do not share them with others, not even with your colleagues.
Storing sensitive data
Sensitive data typically are personal data about other people. Within the scope of Nikhef, typical examples are information about applicants, apprentices and (former) employees, including (email) addresses, phone numbers, education or past work experience.
- Collect and process only required information. Do not ask for data about people that is not strictly required.
- Always inform the Computer Technology department if you intend to collect, store or process a new collection of sensitive data.
- Remove data about persons when the data is not needed anymore. For example, after the end of an application procedure or when someone has left the institute.
- Only store sensitive data on encrypted devices. That applies to your laptop and telephone, but also backups on a USB disk or NAS device at home.
- Periodically clean up old data. Remove files that are no longer needed or will not be used anymore.
- Organize sensitive data: know what you store and where you keep it, so that you can easily clean up when the data are no longer needed.
Take into account that when you travel to certain countries the information on laptops or telephones can be inspected or copied by security agencies, or that they can take control of the device. This may happen when travelling to China, Russia, Iran, Turkey (article in Dutch) and the United States.
- Bring an empty laptop and telephone, which you normally do not use. You can temporarily borrow a laptop via the Helpdesk.
- Make sure there is no sensitive information and there are no passwords on the telephone or laptop when travelling to these countries. The Helpdesk laptops are completely re-installed after each use.