Note: A version of this post originally appeared on the Mobile Solutions Technical Assistance and Research (mSTAR) project blog.
Close your eyes and imagine you’re being interviewed about your sexual behaviors, your finances, and your health conditions – and then asked the same questions about each member of your family. The person speaking with you has taken photos of you, your children, and your home, and they captured your GPS coordinates within one meter of accuracy.
You’ve trusted a stranger with incredibly personal and easily identifiable information.
But what steps are they taking to keep your data secure and your family safe?
On Thursday, March 9, mSTAR’s Abdul Bari Farahi and SurveyCTO’s Faizan Diwan led a presentation on data security for electronic field-based data collection with an emphasis on what you can do today to improve security practices during each step of the process.
Here are five takeaways:
1) Improve your security on tablets and smartphones
- Encrypt your tablets
  - Most Android devices come with one- or two-click settings to encrypt the tablet as a whole
- Install an Android app that allows you to lock, track, and wipe remotely (e.g. Avira)
- Use a data collection app that allows for encrypting collected data “at-rest”
  - This way, even those who collect the data can no longer see it after the form has been finalized
2) Improve security on your server
- Use a platform that allows you to use your own encryption keys, so even your software vendor cannot view the data if they try
- Encryption in transit and encryption at rest are not enough
- Use a good password!
3) Improve security on your computer
- Keep exported data in an encrypted folder on your computer when not in use
  - BoxCryptor offers a desktop encryption option that lets you share data via Box while keeping it encrypted
- Use a good password!
- For an additional layer of security, use a cold room computer, which is never connected to the internet
- Avoid connecting to unknown, insecure, or unencrypted networks
4) Improve security for your organization
- Develop standards of practice, checklists, and other shared resources
- Mitigate cybersecurity risk
- Use technology that is secure but convenient
- Use two-factor authentication where possible
- Raise security awareness within organizations
- Avoid single points of failure on all critical elements of business, including employees, servers, technologies, and strategies
- Back up data continuously
- Create an environment for continuous monitoring of “everything all the time”
5) Improve security in your sector
- Encourage donors to increase pressure on grantees to deliver on data security commitments
- Work with IRBs to create electronic data security policies in their requirements and guidelines
- Develop sector-wide standards for reporting and investigating data security lapses
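
Takeaways 1 and 2 describe data that neither the collector (after finalization) nor the software vendor can read; one common way to get that property is public-key encryption, where tablets and servers hold only a public key and the private key stays on your own computer. The script below is an added example, not code from the original post or from any vendor named in it; the file names and the sample record are constructed, and it assumes the `openssl` command-line tool, version 1.1.1 or later.

```shell
#!/bin/sh
# Added example: constructed file names and sample record.
set -eu
WORK=$(mktemp -d)

# Once, on the analyst's computer. Only form_public.pem is loaded onto tablets
# and the server; analyst_private.pem never leaves this machine.
make_keypair() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/analyst_private.pem" 2>/dev/null
  openssl pkey -in "$WORK/analyst_private.pem" -pubout -out "$WORK/form_public.pem"
}

# On the tablet when a form is finalized: encrypt it under a fresh random key,
# wrap that key with the public key, then delete the plaintext and the key.
# Note: AES-CBC via "openssl enc" gives confidentiality only, not tamper detection.
finalize_form() {  # $1 = path of the plaintext form
  openssl rand -hex 32 > "$WORK/form.key"
  openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$WORK/form.key" \
    -in "$1" -out "$1.enc"
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/form_public.pem" \
    -pkeyopt rsa_padding_mode:oaep -in "$WORK/form.key" -out "$1.key.enc"
  rm -f "$1" "$WORK/form.key"
}

# What the tablet or the vendor's server can attempt: they hold the ciphertext
# and the public key only, so unwrapping the form key fails (non-zero exit).
unwrap_without_private_key() {  # $1 = original form path
  openssl pkeyutl -decrypt -inkey "$WORK/form_public.pem" \
    -pkeyopt rsa_padding_mode:oaep -in "$1.key.enc" -out /dev/null 2>/dev/null
}

# On the analyst's computer: unwrap the form key, then print the decrypted form.
decrypt_form() {  # $1 = original form path
  openssl pkeyutl -decrypt -inkey "$WORK/analyst_private.pem" \
    -pkeyopt rsa_padding_mode:oaep -in "$1.key.enc" -out "$WORK/unwrapped.key"
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$WORK/unwrapped.key" -in "$1.enc"
  rm -f "$WORK/unwrapped.key"
}

make_keypair
printf 'respondent_id=0001,household_income=1200\n' > "$WORK/form.csv"
finalize_form "$WORK/form.csv"
if unwrap_without_private_key "$WORK/form.csv"; then
  echo "holder of public key CAN read the form"
else
  echo "holder of public key cannot read the form"
fi
decrypt_form "$WORK/form.csv"
```

The private key file is what the encrypted folder and cold room computer in takeaway 3 are meant to protect: anyone who obtains it can read every finalized form.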
Too often the perceived costs of strong data security get in the way of taking low-burden but high-impact action to improve practices. And while the costs of poor practices can be hard to quantify, the risk to your reputation and to the safety of respondents, particularly in humanitarian situations, is all too real.
Photo courtesy of John Snow, Inc.