General Data Security
Last Updated: November 5, 2024 2:35 pm
OASIS IRB Support
This section is meant to cover a range of topics germane to nearly all use cases.
Updated Operating System
One of the easiest ways to keep your computer secure is to update it regularly. If you handle sensitive data, make it a habit to check for updates weekly and apply them as they become available, rather than waiting for your system to prompt you.
Keep in mind that some updates are sequential—one may not appear until a previous one is applied. Continue manually checking until there are no updates pending. This ensures your operating system remains fully patched against known vulnerabilities.
In addition, limit administrator access to only essential users. Reducing the number of accounts with administrative privileges helps prevent unauthorized changes and protects your data from accidental or malicious tampering.
Secure Passwords
Your computer should be protected by a secure password. If you log in using Active Directory (AD) with your Onyen credentials, your password meets university security requirements. For local accounts on your computer, follow these additional guidelines:
- Different Passwords: Use a unique password for each device or system not authenticated with your Onyen.
- Strong Passwords: If not using your Onyen, choose a password with a mix of letters, numbers, and symbols (minimum of 12 characters) for maximum security. Passphrases are also encouraged for easier memorization and added strength.
- Multi-Factor Authentication (MFA): Enable MFA where available to add another layer of security on top of your password. For non-Onyen systems, MFA is strongly recommended if supported.
See Article – Passwords, Pass-phrases, an… (unc.edu) for more tips on creating and managing secure passwords.
Data Sanitizing
Any device that handles sensitive research data should be sanitized—a more secure way of deleting data—before re-use or repurposing. Since data sanitizing removes all data on a device, consider backing up non-research data beforehand. For assistance, your departmental IT support can provide guidance on creating backups and secure data sanitizing practices.
For devices containing highly sensitive information, follow UNC’s secure disposal policy. This may include certified data destruction services for compliance with data security standards.
By following these practices, you help protect both your data and the research community at UNC.