What are the best practices for minimizing data security risks in research?
NewAll research is different. It is important to emphasize that while general principles for minimizing data security risks are presented here, you should contact RCSecureMyResearchFree resources & consulting to help researchers protect data RC SecureMyResearch Free resources & consulting to help researchers protect dataSecureMyResearch to find out the best processes for your research workflow.
Minimizing data security risks in research requires a proactive approach to data protection, access control, and compliance with institutional policies.
One of the most important best practices is data minimization, which involves collecting, storing, and sharing only the data necessary for the research. This reduces the risk of exposing sensitive information and aligns with IU’s security policies.
Other strategies:
- Classify your data using IU’s RCclassification frameworkGuidance to help researchers determine the classification of research data RC classification framework Guidance to help researchers determine the classification of research dataclassification framework .
- Use RCapproved storageCompare attributes of file storage services RC approved storage Compare attributes of file storage servicesapproved storage for your level of classification and avoid personal or public cloud services.
- Restrict access using role-based controls and Multi-factor authentication (MFA).
- Secure transfers with encrypted methods instead of email.
- Regularly review access logs and user permissions.
- Engage SecureMyResearch early in your project.
Researchers should avoid collecting personally identifiable information (PII) unless absolutely necessary and should consider aggregating or anonymizing data whenever possible to reduce security risks.
Another key practice is using IU-approved storage solutions. RCThe Data Sharing and Handling ToolProvides guidance on data storage, sharing, disposal & classification RC The Data Sharing and Handling Tool Provides guidance on data storage, sharing, disposal & classificationThe Data Sharing and Handling Tool provides information about appropriate storage services, data retention and disposal, and data sharing requirements for each level of data classification.
Implementing strong access controls is another essential practice. Researchers should follow the principle of least privilege, granting data access only to those who absolutely need it.
Services that support multi-factor authentication (MFA) should be used whenever possible, and access logs should be monitored to detect unauthorized attempts. If data must be shared, researchers should use secure transfer methods, such as encrypted file transfers, rather than email or unapproved cloud storage solutions.
Regular security audits and compliance checks also help minimize risks. Researchers should periodically review who has access to their data, whether storage solutions remain compliant, and whether security protocols need updating. Engaging with RCSecureMyResearchFree resources & consulting to help researchers protect data RC SecureMyResearch Free resources & consulting to help researchers protect dataSecureMyResearch early in the research process ensures that best practices are followed from the outset. For questions regarding data security, consult with the RCSecureMyResearchFree resources & consulting to help researchers protect data RC SecureMyResearch Free resources & consulting to help researchers protect dataSecureMyResearch team.