Security Tips

The iDASH system has been architected to protect sensitive data during storage and processing (i.e., research). To ensure that sensitive data (e.g., PHI, PII) are adequately protected, all users of iDASH need to follow certain guidelines. Namely, sensitive data should not be stored on a local computer (i.e., desktop, laptop, smartphone, etc.). If sensitive data must be stored on one of these devices, then local encryption should be used. Additionally, any transfer of data must use cryptographic methods.

 

Listed below are suggestions to protect data using encryption:

Encrypting computer hard drives, files, or removable drives

  • BitLocker - Used for encrypting the entire file system or removable drives on a Windows computer. It is built into the operating system and runs on Windows Vista and later OS versions (Windows Vista, Windows Server 2008, Windows 7, Windows 8).
  • TrueCrypt - Used to create a virtual encrypted disk to store files in, to encrypt an entire partition, or to encrypt the entire storage device (with pre-boot authentication, under Microsoft Windows except Windows 2000). TrueCrypt can also be used to encrypt removable disks (USB drives, CDs, DVDs). Runs on macOS or Windows systems.

 

Transferring data securely

It is important that data in transit only be transferred using encrypted protocols such as:

  • HTTPS (Hypertext Transfer Protocol Secure) – provides Secure Sockets Layer (SSL) encryption to standard HTTP communications
  • SFTP (Secure File Transfer Protocol)
  • SCP (Secure Copy)
  • IPsec VPN (Virtual Private Network) connection using point-to-point encryption

Note: Use of unencrypted protocols (e.g., FTP, Samba, etc.) to access the iDASH system is not allowed.

These tools support the protocols listed above:

  • WinZip - Can be used with the AES encryption mode to securely transfer and store files. It is important to store and communicate the encryption password out of band.
  • 7-Zip - Another storage option, which can encrypt using the AES-256 encryption algorithm.
  • OpenSSL - Can be used to encrypt individual files using FIPS 140-2 compliant algorithms. OpenSSL can also be used to encrypt data at the data transfer protocol level.
  • PGP and GPG - PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard or GnuPG, a free, compatible alternative to PGP) products provide encryption of data using a Public Key Infrastructure.
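As an added example (not part of the iDASH guidance or any iDASH tooling), the shell functions below encrypt a single file with OpenSSL using AES-256 and a PBKDF2-derived key, then confirm by SHA-256 digest that the decrypted copy matches the original. The function names, iteration count and sample file are assumptions, and the -pbkdf2/-iter options need OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: file encryption with the openssl CLI before storage or transfer.
# Function names are hypothetical; the sample data below is constructed.

# Key-derivation options: PBKDF2 with SHA-256 slows down passphrase guessing.
KDF_OPTS="-pbkdf2 -iter 600000 -md sha256"

# encrypt_file IN OUT PASSFILE
# AES-256-CBC with a random salt; the passphrase is read from a file so it
# never appears on the command line or in shell history.
encrypt_file() {
    openssl enc -aes-256-cbc -salt $KDF_OPTS -in "$1" -out "$2" -pass "file:$3"
}

# decrypt_file IN OUT PASSFILE
# Must use the same cipher and key-derivation options as encrypt_file.
decrypt_file() {
    openssl enc -d -aes-256-cbc $KDF_OPTS -in "$1" -out "$2" -pass "file:$3" 2>/dev/null
}

# sha256_of FILE: prints the hex SHA-256 digest of FILE.
sha256_of() {
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# roundtrip ENC_PASSFILE DEC_PASSFILE
# Encrypts a constructed sample file, decrypts it, and prints "match" only if
# the decrypted copy has the same digest as the original. "openssl enc" gives
# confidentiality but no authentication tag, so a successful exit status alone
# does not prove the file is intact; the digest comparison does.
roundtrip() {
    dir=$(mktemp -d) || return 1
    printf 'subject_id,note\nS-0001,constructed sample row\n' > "$dir/data.csv"
    encrypt_file "$dir/data.csv" "$dir/data.csv.enc" "$1" || { rm -rf "$dir"; return 1; }
    if decrypt_file "$dir/data.csv.enc" "$dir/out.csv" "$2" &&
       [ "$(sha256_of "$dir/data.csv")" = "$(sha256_of "$dir/out.csv")" ]; then
        result=match
    else
        result=mismatch
    fi
    rm -rf "$dir"
    echo "$result"
}
```

Keep the passphrase file readable only by its owner, and send the passphrase and the original file's digest to the recipient over a different channel than the encrypted file.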

 

Protecting mobile devices

  • Use intruder lockout settings (issue warnings after six or more unsuccessful authentication attempts, wipe after 10 consecutive unsuccessful authentication attempts)
  • Force screen lock after 10 minutes of idle time
  • Use complex passcodes (greater than 4 digits and not simple swipe actions) with a 90-day expiration
  • Report lost phones to appropriate authority (Note: If phone is updated using ActiveSync, a remote wipe can be performed.)
  • Use recovery/remote wipe applications on your smartphone/mobile device, such as the built-in Apple Find My iPhone, or open-source Prey
  • Use care when installing third-party applications on devices, especially from potentially untrusted sources (Examples of untrusted sources include Cydia and unreliable websites)
  • Use secure Bluetooth settings and disable Bluetooth when not needed
  • Consider using antivirus software for smartphones

 

Other Helpful Links

  • 101 Data Protection Tips from Digital Guardian*

*iDASH is not affiliated with this website and does not endorse the use of any particular service, tool, or provider from this list. No warranties are implied; please use your own discretion when accessing the site.