To store and share documents and data, we recommend that you use OneDrive. If you share files, make sure that confidential data are only accessible to authorised individuals by checking the reading and editing rights on files and folders.

Encrypt confidential data

When storing confidential data, we recommend that you encrypt them (for example using AES Crypt or .ZIP software such as 7-Zip).

Are you using a USB memory stick, external hard disk, your own laptop or the public cloud for data storage? Be sure to observe the following safety precautions. 

Storing data securely on a secure USB stick

Information stored on a memory stick can be secured in two ways. You can use a hardware-encrypted memory stick (A) or special software to secure a regular memory stick (B).

A. Recommended hardware encrypted USB sticks

There are many different brands and not all are equally safe, so make sure to be informed. Some recommendations are:

• The IronKey Basic S250 has been approved by the Dutch government for the storage of confidential data.
• The Kingston DT 4000 encrypted USB stick is a high-quality, cheaper alternative with an adequate security level (FIPS 140-2 level 2, strong encryption, strong casing, limited number of log-in attempts, strong password requirements).

The IronKey memory stick is better because it has additional physical security features. Cheaper hardware-encrypted memory sticks such as those made by Corsair tend to be less safe.
Note that with the more secure memory sticks, the stored data will be destroyed after a certain number of incorrect password entry attempts (e.g. ten).

B. Software for securing your USB stick

Another option is using encryption software (e.g. VeraCrypt). However, this also has some drawbacks, since it requires more knowledge and effort and you are not forced to use a strong password as with the hardware-encrypted memory sticks recommended above. You can also select specific files or folders on your memory stick to secure, for instance using AES Crypt.

Dropbox: not suitable for the storage of confidential UvA information

Dropbox is not suitable for the storage of important or confidential UvA information. Although Dropbox does provide security, backup and access facilities, there are a number of drawbacks:

• Cloud services such as Dropbox are American companies governed by American law and therefore do not comply with Dutch and European legislation regarding the protection of personal information.
• Though files are encrypted, no end-to-end encryption is used. No guarantee exists that they cannot be accessed by others. Theoretically, Dropbox itself can also view files.
• The verification file needed to gain access to data in a Dropbox account can be transferred to another PC, enabling unauthorised individuals to gain access to your files without needing login details.
• UvA is unable to offer any help or support in the event of theft.

Encrypt confidential data before sharing or use SURFfilesender 

When sharing confidential information, such as research data and/or personal details, always encrypt the files first You can do so using ZIP software with an encryption function, such as Winzip of 7-zip.  SURFfilesender is also a good solution, it's a secure SURF service that you can access using your UvA-net ID.