Protecting data

Everyone has an interest in protecting their own data. That does not only apply to your personal details, but also to the information you work with. If, for example, you are conducting a study, you obviously do not want that data to become public before you yourself have published them. You must also protect the details of other persons you record for your research. Therefore you should take the following measures to protect data yourself.

Practical measures

The following measures are obvious and easy to take:

Encryption

Encryption is a technical tool to protect data. We advise using encryption when recording research data. But it can also be used for other data.

You can encrypt your website or information in various ways. The most commonly used forms of encryption are certificates. This ensures that the information flow between website and browser can not be seen. Any employee or student with a website located on our network or under utwente.nl can apply for a certificate. Click on the links below.

  • Encrypted transport of files

    To transport large files over the network, you can use the SURFfilesender service. Do not forget to set the checkmark at "Encrypt this file".

  • Send encrypted emails

    If you wish to protect the privacy of an email message, you can encrypt it. There is one restriction: attachments must not exceed 25MB. If you need to send larger files, it is best to use Filesender.

    When you encrypt an email message in Outlook, the legible, plain text is converted into code. Only the addressee with a private key belonging to the public key used to encrypt the message can decrypt it. Any addressee who does not have the corresponding private key will only see coded text and will not be able to decrypt it. Two steps are needed to encrypt an email in Outlook, first setting up a private key and then indicating you want to encrypt the message. You can also opt to encrypt all outgoing email messages but you will then need to exchange the public keys with all recipients. The two steps are as follows:

    1. requesting a key; (go to requesting personal certificate)

    2. encrypting the email. 

  • Encrypting files

    When you have encrypted your hard disc any files copied from that hard disc is decrypted during the copy operation. In such a case you should encrypt the file itself.

    Always use a program that is designed for encryption and nothing else, which is open source, and available for multiple platforms. Do not use a standard built-in encryption functionality offered, for instance, by 7-zip, as this is known to be very weak and can easily be cracked if you know the type of the files.

    GnuPG for experienced users

    GnuPG (GNU Privacy Guard) supports both symmetrical and asymmetrical encryption.

    Make sure that people who have to decrypt your files are also used to GnuPG.

    Please note that GnuPG is not easy for beginners. Below we discuss two more user-friendly encryption tools.

    AES Crypt (symmetrical encryption)

    A user-friendly open source cross platform encryption tool is AES Crypt. From the website you can download the version for your platform and install it on your computer (home directory, e.g. c:\users\bob). The website offers clear guidelines for each platform.

    AGE (asymmetrical encryption)

    Asymmetrical encryption is recommended when sharing of a single encryption key is not desired or admitted, or when the risk of losing the key for decryption is higher, often in case of long-term archiving of data.

    AGE is an asymmetrical encryption tool which means that it generates a key pair. AGE can be freely downloaded here. Scroll to ‘Assets', expand, and download the file for your platform.

  • Encrypting a hard disc/device

    In case you forget to encrypt sensitive data, you can also encrypt the whole storage disc. Both Windows and Apple computers (hard drive and USB) have this option, as do Android devices, iPads and iPhones.

    Windows: 

    1. enable Bitlocker in Windows 10 by going to Configuration; 
    2. type bitlocker in the search bar and press Enter; 
    3. click on Manage Bitlocker and click to activate Bitlocker. 

    Apple: 

    1. select the Apple menu > 'System Preferences' and click on 'Security and Privacy'; 
    2. click on the tab 'FileVault'; 
    3. 2 click on the Lock button and enter the admin's name and password; 
    4. click on 'Enable FileVault'. 

    Android: 

    1. make sure that a screensaver with a PIN or password has been set on the device; 
    2. in Settings, select the option Security > Encrypt Device. (On some phones, you will need to choose Storage > Storage encryption or Storage > Lock screen and security > other security settings to find the 'Encrypt' option); 
    3. follow the instructions shown on the screen. During the encryption process, the device may restart several times. 

    Ipad and Iphone: 

    1. activate a PIN or password. If your device has a Touch-ID fingerprint scanner, use that option; 
    2. as soon as you have set a PIN, the entire contents of your Iphone will be encrypted.