What are the best practices for minimizing data security risks in research?

All research is different. It is important to emphasize that while general principles for minimizing data security risks are presented here, you should contact RCSecureMyResearch Free resources & consulting to help researchers protect data catalog entrydirect link RC SecureMyResearch to find out the best processes for your research workflow. 

Minimizing data security risks in research requires a proactive approach to data protection, access control, and compliance with institutional policies. 

One of the most important best practices is data minimization, which involves collecting, storing, and sharing only the data necessary for the research. This reduces the risk of exposing sensitive information and aligns with IU’s security policies.

Other strategies: 

• Classify your data using IU’s RCclassification framework Guidance to help researchers determine the classification of research data catalog entrydirect link RC classification framework . 
• Use RCapproved storage Compare attributes of file storage services catalog entrydirect link RC approved storage for your level of classification and avoid personal or public cloud services.
• Restrict access using role-based controls and Multi-factor authentication (MFA).
• Secure transfers with encrypted methods instead of email.
• Regularly review access logs and user permissions.
• Engage SecureMyResearch early in your project.

Researchers should avoid collecting personally identifiable information (PII) unless absolutely necessary and should consider aggregating or anonymizing data whenever possible to reduce security risks.

Another key practice is using IU-approved storage solutions. RCThe Data Sharing and Handling Tool Provides guidance on data storage, sharing, disposal & classification catalog entrydirect link RC The Data Sharing and Handling Tool provides information about appropriate storage services, data retention and disposal, and data sharing requirements for each level of data classification.

Implementing strong access controls is another essential practice. Researchers should follow the principle of least privilege, granting data access only to those who absolutely need it. 

Services that support multi-factor authentication (MFA) should be used whenever possible, and access logs should be monitored to detect unauthorized attempts. If data must be shared, researchers should use secure transfer methods, such as encrypted file transfers, rather than email or unapproved cloud storage solutions.

Regular security audits and compliance checks also help minimize risks. Researchers should periodically review who has access to their data, whether storage solutions remain compliant, and whether security protocols need updating. Engaging with RCSecureMyResearch Free resources & consulting to help researchers protect data catalog entrydirect link RC SecureMyResearch early in the research process ensures that best practices are followed from the outset. For questions regarding data security, consult with the RCSecureMyResearch Free resources & consulting to help researchers protect data catalog entrydirect link RC SecureMyResearch team.