Learn how to protect yourself and your research effectively
Open and collaborative research is indispensable, however there are inherent risks.
It is important to know what the risks are, what you can do to mitigate them, as well as what tools are available to you to help keep yourself and your research safe.
- What are the risks to you and your research
Why do I need to protect my research?
Canadian led research is a very attractive target. We are at the forefront of research on the world stage.
Stolen research could be used by other countries to purposely cause harm in scenarios such as military or intelligence.
COVID-19 has increased the risks associated with data theft as hackers and nation states have increased the frequency and complexity of their attacks.
What are possible consequences of not securing your research data?
There are many consequences to not securing research data. Some examples include:
- Loss of data
- Loss of control over intellectual property, patent opportunities and potential revenue
- Legal or administrative consequences
- Intentional or not, failure to comply with legislation may expose you to admin sanctions, litigation or criminal charges
- Breaches of confidential information will infringe on Trent policies and possibly partnership agreements. This could result in those partners no longer trusting you with confidential information in the future as well as rendering you ineligible for future federal funding opportunities
- Loss of future partnerships
- Tarnished reputation
Who are you at risk from exactly?
Typically the threat is from people that are acting on behalf of an outside interest (competitors, foreign governments, terrorist or organized crime groups) however other threats can include the following:
People from outside your research team or Trent as a whole, this could include:
- visiting students/faculty
- private sector collaborators
- foreign government reps
- not for profits
- commercial competitors
People from within Trent who may have direct or indirect access to knowledge or proprietary materials including:
Unfortunately, some countries view others' research as an opportunity to advance their own objectives. They may use people or cyber means to get at the info they seek.
What parts of my research may be vulnerable?
It is important to assess the risk profile of your new or ongoing research project.
Example areas of concern:
- Potential for significant commercial impact:
- Is your research likely to have a future commercial or patentable benefit? This very same benefit may appear very appealing to individuals who want to gain access to your research.
- Potential for significant national security impact:
- Are there any ways that your research's information or technology could have unintended/secondary military applications (dual-use applications), or could contribute to military proliferation?
- Is any of your research subject to Canada's - or other countries' - export license controls?
- Does your research include working with controlled goods?
- Potential for ethical or privacy concerns related to sensitive data:
- Does your research require you to store and protect sensitive data or personal information including: genetic or medical information and records, disaggregated population datasets, or details of individuals' or commercial test data?
- Are there any potential ethical or moral concerns in your research or research data, in particular if an unauthorized third party misuses or accesses it?
- Are there weaknesses in your data storage and protection plans, such as strategic access points, where non-authorized individuals could access or transmit this sensitive data?
- Could foreign militaries or governments with different ethical standards use your research to support activities such as internal surveillance or for political/military oppression?
What steps can be taken to protect your research?
There are many tools at your disposal. When used correctly you can greatly reduce your risk.
Please view the next tab below to continue.
- IT Security Safeguards
Secure your MyTrent account
Set up MFA (Multi Factor Authentication) on your Trent account. This makes it near impossible to hack into your account even if the hacker has your password.
Click below the following link for a guide on setting this up for yourself:
Store your research data safely
We offer multiple options here at Trent for doing exactly this. Don't ever rely on just one copy of your files stored on your computer or USB hard drive/stick, it's imperative they are backed up and protected from theft. The easiest way to do that is to use cloud storage.
Read all about how to utilize our H, S, or OneDrive and SharePoint cloud storage to make your life easier, and your documents safer:
Securely email sensitive data and files (internal only)
When sending emails from your Trent account using Outlook, you can easily encrypt and classify them (sensitive, highly sensitive) as well as block them from being forwarded.
In Outlook App on Windows:
Create a new email > click File > click the 'Set Permissions' button under the 'Info' section.
In Outlook App on MacOS:
Create a new email > click Draft along the top menu bar > highlight Encrypt > make your selection
In Outlook Web Access:
Create a new email > Click the 'Encrypt' button above by the 'Send' button.
You can protect documents in the same way. In Word, Excel, Powerpoint:
Click File > Info > Protect Document/Workbook/Presentation
Share your research data files and folders safely (internal or external)
When it comes to file sharing, OneDrive, SharePoint, and now Teams are the approved methods. They even work to securely share files to folks outside of Trent, so you can easily send documents back and forth with researchers elsewhere, whether they have a Microsoft O365 account or not.
Please see the links below for more information on each :
Protect all your related online identities
Update your passwords, make them strong and unique. Learn how to manage your growing list of passwords safely. Setup MFA on these accounts as well etc.:
Protect yourself from phishing attacks
Phishing attacks through email have gone up 667% since COVID-19 (according to email protection provider Barracuda). Watch an example of how easy it can to be tricked, and make sure you never fall victim. If your credentials ever get compromised, anything you have access to is at risk, including your research data:
Learn about Social Engineering and how to defend yourself and your data from it
Cyber criminals are always innovating and adapting, however there are many tactics that continue to work consistently enough that there’s no reason to move away from them. Learn about one such example below:
Encrypt your devices to keep your data safe even in the event of theft
Encryption options vary depending on what platform you’re using. Click the following link to see your options:
- Research Project Specific Safeguards
Build a strong project team
The integrity of your research relies heavily on knowing and trusting the people in your team.
Verify all team members’ professional history and assess alignment with the research priorities for this project.
Conduct appropriate reference checks and due diligence on all members of the team. Are their credentials, publications and affiliations in line with what they told you? Consider asking colleagues who may have more direct knowledge of the individual than you, and review the individual's publication history and affiliations through SCOPUS or a similar tool.
Assess existing or potential conflicts of interest or affiliation that would impede collaboration with any team member.
Ask yourself, "Could critics use the interests or affiliations of my team members to discredit our findings, regardless of the quality of the research itself?"
Discuss and agree on a clear set of goals and measures of success for the project with all team members.
Developing and discussing "S.M.A.R.T." goals (goals that are specific, measurable, achievable, relevant, time-bound) with your team can help ensure alignment and avoid disagreements once the project is underway. An introduction to S.M.A.R.T goals can be found at https://www.smartsheet.com/blog/essential-guide-writing-smart-goals.
Discuss project risks internally and make a plan for their mitigation, involving external team members as appropriate.
Brainstorm potential project risks with your team and fill out a risk register. For more information on risk registers, visit https://www.smartsheet.com/risk-register-templates.
Assess whether the practices of your collaborator(s) and/or collaborating institution(s) are consistent with your institution's standards on ethics and research conduct.
Ask yourself whether all aspects of the project, regardless of where the work is or was performed, would pass ethics review at your institution.
Collaboration with non-academic partners from industry or the not-for-profit sector bring significant benefits. When working with non-academic partners, it is important to ensure alignment with your research objectives. In projects where there are significant macro-risks, it is especially important to ensure non-academic partners do not have ulterior motives.
Best Practice Checklist for sensitive projects
Ensure the motivations of all partners are clear and aligned with the goals of the research team, including any expectations about intellectual property.
Ask the partner directly what they expect from the research team during the project and what they hope to get out of the project at the end.
Assess if the partner's governance structure is transparent and whether the ultimate beneficiary of their collaboration on your project is clear.
Looking on the partner's website, can you easily identify who leads the partner organization and any linkages to government, other organizations and/or other actors? What information gaps exist?
Assess the reputational risk associated with involving the partner.
Ask yourself, "Could critics use the involvement of the partner to discredit our findings, regardless of the quality of the research itself?"
Explore if other academics have had positive experiences collaborating with this partner.
By reaching out to researchers across your institution and at other institutions, you can gather valuable information on past experiences and solutions to address concerns.
Assess whether the practices and contributions of your partner(s) are consistent with the standards on ethics and research conduct at your own institution.
Ask yourself whether any contributions (data, background IP, etc.) are consistent with your own institution’s values and practices.
Use of Research Findings
Agree to a plan of how and when you will share details about the project.
This includes publication, conferences, teaching, mass media, social media and personal communication. This will increase effectiveness and minimize disagreement later.
The UK's Health Foundation has a Communications in Health Care Improvement toolkit that could provide a good starting point. Keep in mind that premature disclosure can preclude certain types of IP protections.
Assess the potential value of any project-related IP and what you need to do to protect it.
Ask yourself, "What types of IP could be generated through this research project? What do we need to do to preserve the value of this IP?"
Ensure all collaborators and partners have agreed on how IP will be handled.
Your institution's research services office can help you understand your institution's policies with regard to IP, as well as how policies, laws and enforcement might vary across relevant institutions and countries.
Discuss how restrictions on academic freedom or commercial interests may impact the research project and the communication of research results.
Ask yourself, "Do the restrictions imposed on communicating results have potentially harmful impacts on the integrity of our research or our ability to publish results?"
Ensure all collaborators and partners are comfortable with the likely uses of any research results.
Brainstorm with your team the likely uses of the results of the project, then ask members if they remain comfortable proceeding with the project.
Ensure mechanisms exist that guarantee that any graduate students involved in the project are able to use the results to complete their studies.
Verify with your research or partnership office what measures exist at your institution and make all partners and collaborators aware of this requirement.
Travelling Safeguard Checklist
Before you travel:
- Assess the level of risk associated with your travel due to: your area of research, indirect partners or access to U.S. research, particularly in sensitive areas.
- Consult the Government of Canada’s travel advisory website and take relevant precautions associated with your destination.
- Discuss any concerns with appropriate resource people within your university (supervisor, IT department).
- Make a travel plan and share it with an appropriate resource person at your institution.
- Consult with your IT department before leaving.
- Make sure all electronics have the latest anti-virus, encryption, firewall and program patches.
- Discuss guidance for use of VPNs and safeguards for accessing the Internet while away.
- Do not travel with unnecessary documentation (contact lists, electronic files, etc.) or devices.
- Before you travel, carefully consider what data you need. Bring the minimum.
- Encrypt and transfer data onto a separate external storage device or Trent’s cloud offerings. If physical, keep it with you at all times while traveling. Keep data passwords separate from the media.
- Register your travel at travel.gc.ca.
- Secure travel insurance.
While you are away:
If you are a victim or suspect someone is trying to victimize you, notify the Canadian consulate in your area immediately and file a report with the appropriate person at your institution, either immediately or when you return. In case of emergency abroad, contact the Government of Canada collect at: 1-613-996-8885 or email@example.com.
People to people connections
- Refrain from talking about sensitive parts of your research or potential future research in public places, or with contacts you have just met.
- Be aware of the potential for elicitation, cultivation or entrapment. Monitor the progress of associations, particularly new relationships and connections with foreign nationals and refrain from offers of personal companionship while travelling.
- Do not advertise where you are staying or your room number.
- Do not leave the keys for your room at the front desk of your hotel.
- Keep your radio or TV on in your room when you are not there.
- Refrain from using hotel or conference computers or public phones as they may be monitored.
- Do not surrender your electronic devices at a conference or hotel.
- Do not let your devices out of your sight at any time during your travel. If this happens, assume that the equipment has been compromised.
- Do not plug an unknown device, including USB keys, cameras or digital picture frames, into any of your equipment.
- Should you find it necessary to plug an external device into your equipment for presentation purposes at a conference, you should consider that your device has been compromised.
- Only access your data from your own devices, never from shared workstations
- If your device is lost or stolen, notify your IT department immediately.
When you get back:
- Upon your return home, take appropriate steps to clean your hard drive or other devices especially if your think your device may have been compromised. Have all external devices scanned for viruses, including gifts or conference swag.
- Notify your colleagues, resource person or travel expert of any suspicious or criminal activity that occurred during your trip. Seek guidance as to whether you should contact authorities.
If you would like to view more IT Security related articles, please visit the following link and refer to the 'Related Links' section:
And if you want to dig deeper into Research Security, read the full Government of Canada article here. The research info above was curated from this site: