☰       Show/Hide Menu

☰       Department Menu

 

Data - Transfer & Storage

Data - Transfer & Storage

The University has a legal obligation under the Data Protection Act to ensure that all personal information is kept secure.

This means that information must be protected against unauthorised or unlawful use and against accidental loss, damage or destruction.

Personal information can be held in personal computers, laptops, tablets, smart phones, paper and other forms. When working away from University premises, information must still be kept secure.

The level of security used to protect information will depend upon an assessment of the security risks.

Risk assessment is a consideration of the harm that would result from a security failure (taking into account the potential consequences of a loss of confidentiality, integrity or availability of information) and the realistic likelihood of such a failure. Having considered the risk, appropriate controls can be then be identified and used.

You should consider the following:

  1. Equipment or media should not be left unattended in public places. If feasible, portable computers should be carried as hand luggage and information carried on separate media from the computer when in transit (e.g. on encrypted USB sticks or similar).
  2. Manufacturer's instructions for protecting equipment should be followed (e.g. protection against exposure to strong electromagnetic fields).
  3. Computers and other hardware used for processing personal information must have appropriate virus protection.
  4. Access must be controlled to prevent unauthorised access (e.g. password on start up or secure file encryption).
  5. Data must be regularly backed up in case of loss or failure.
  6. All personal data must be removed from equipment before disposal.

Please bear in mind the following technical points:

  1. Operating system passwords can be bypassed. If the sensitivity of the data merits it, users should consider hard drives with their own password protection or an encrypted file system.
  2. Leaving wireless access enabled may permit network attacks on laptops, tablets and smartphones.
  3. Secure deletion means overwriting or reformatting of the media on which the data is stored, not simply pressing 'Delete'.

Technical advice is available from Information Systems Services

 Secure USB Storage  

Secure USB Storage

Many of us have a need to access data files whilst on the go, both within the University and especially when working away. As they can easily be lost or stolen ISS discourages the general use of USB devices and provides a number of safer alternatives for sharing files or accessing information whilst on the move.

If you do need to use an USB storage device to store University Information, for example as part of your role or your research, this must be encrypted.

Staff can order encrypted USB sticks from Codex using the DCU ordering process.

Further information on working safely whilst on the move or off-campus, including the policies that apply, is available on the ISS webpage.

It is possible to order a encrypted USB Storage device using the IT Web Order Form (nb. Only authorised members of staff can use this form).

 Encryption
 Encryption Overview 

What is Encryption?

Encryption scrambles the data stored on a device so unauthorized users can’t read that data, and hackers who intercept wireless communications won’t be able to read encrypted data transmitted between mobile devices.

During the encryption process, a special type of algorithm called a cipher makes text unintelligible to anyone who doesn’t hold the key.

The key is a piece of code that interprets, or decrypts, the encrypted data. Most of the time, users need only provide the correct username and password to access the encrypted mobile data.

On some devices, users might have to configure the settings that enable encryption themselves, but the actual encrypting and decrypting processes happen behind the scenes.

Why Encrypt?

The University has a legal obligation under the Data Protection Act to ensure that all personal information is kept secure. This means that information must be protected against unauthorised or unlawful use and against accidental loss, damage or destruction.

 Encryption Services 

Encryption Services

On Campus, DCU use McAfee Endpoint Encryption which offers multiple layers of protection that address specific areas of risk. Encryption can be extended not just to PCs, laptops, but also to network files and folders, mobile devices, removable media, and portable storage devices.

McAfee Encryption Service FAQ

If you have any queries regarding the Mcafee Encryption Service you can submit a ticket to the ISS Service Desk. All the General Requirements, Application Processes, Support and FAQ can be found here:

DCU Encryption Service - FAQ (PDF)

  Encryption - Phones 

Encryption (Phones)

The vast majority of smart phones can connect to the DCU apps via the mobile apps (e.g. Email, Calendar, Docs) but some may not meet the criteria. If your phone model is unable to meet the required standard, you can still connect to DCU Apps through your mobile's browser, visit: http://apps.dcu.ie. Please note: Windows 7 phones can not meet the encryption requirements to connect to DCU Apps.

Please note

ISS are not responsible for issues that might occur when configuring or encrypting personal devices and will only use the wipe functionality once we are requested to by the staff member

Instructions for other versions of windows mobile devices:

Staff Android:

DCU Encryption and Sync Instructions (PDF)

Sync Instructions (online)

Device policy (online)

Staff iPhone:

Encryption Information and Instructions (PDF)

Sync Instructions (online)

Device Policy (online)

  Encryption - Documents for Email 

Encryption (Documents for Email)

Unencrypted email is not a secure way to transfer sensitive information regardless of the email solution or where that email solution may be hosted (either 'in the cloud' or 'on premises'). DCU's email solution, provided by Google, is not encrypted. Therefore, in common with most commercial email solutions, all data in an unencrypted email can be intercepted as it is sent over the internet.

ISS does not support encryption solutions that encrypt the data held in the header or body of emails as we do not feel that such solutions strike the appropriate security/usability balance for DCU. ISS will continue to monitor all developments within this area and welcomes suggestions and feedback from the DCU community in this regard.

ISS does support the encryption of attachments and we have outlined instructions on how to do this below. If you choose to encrypt attachments please pay particular attention to not including sensitive information in the body of your email.

Never share the encryption password by email even to a different email address. We suggest that you share the password by telephone, in person or by SMS. Please note that ISS will not have access or the ability to retrieve or reset the password you create. You should give consideration to backing up the data you propose to encrypt.

If encrypting attachments by any of the means proposed below is not an option for you, please speak to us and we will be happy to help.

  Encrypt a document with Office 365 

Encrypt a document with Office 365

  1. Open the Office file you wish to encrypt.
  2. Click on “File” in the upper left-hand corner.
  3. Click on “Info”.
  4. Click on “Protect Document” then “Encrypt with Password”.
  5. You will be prompted to enter a password to encrypt your document: 
  6.  

  7. We highly recommend following the DCU policy: “Guidelines for Creating a Secure Password”  for information pertaining to creating passwords.
  8. You will be prompted to re-enter your password: 
  9.   Once your password is entered, you must save your document for the encryption to take Effect. Please note that if you forget your password, we cannot recover it, nor retrieve the information inside of your document. If you want to check and make sure that it works, close the document and re-open it:  
  10.  
  Encrypt a document with 7-ZIP 

Encrypt a document with 7-ZIP

7-Zip is an archive format, providing high compression ratio. 7-Zip supports encryption with AES-256 algorithm.

The software is available for free download from HERE

How to Encrypt a Zip File using 7-Zip (PDF)

Please remember:Never email the encryption password.

If you forget your password, ISS can neither reset your password nor recover your files.

  Encryption - USB memory sticks 

Recommended encrypted USB memory sticks

ISS now has a number of encrypted USB sticks available to members of staff who submit a USB Encrypted request form.

The Integral Courier FIPS 197 Encrypted USB 3.0 Flash Drive provides a highly secure and simple to use security solution for portable data. Featuring mandatory encryption of all files stored on the Flash Drive and a SuperSpeed USB 3.0 interface.

 Benefits: 

Benefits:

  • AES 256-bit hardware encryption is superior to software encryption used by many other "high security" USBs
  • The Courier FIPS 197 USB 3.0 has been independently tested for data encryption by the Federal Information Processing Standards (FIPS) committee and validated to FIPS 197
  • Mandatory encryption of all files (100% privacy) - All data stored on the drive is secure. Unprotected files cannot be saved to the Courier Dual
  • Courier FIPS 197 USB 3.0 has a zero footprint - No software installation is required before use
  • Endpoint security software compatible - The Integral Courier FIPS 197 USB 3.0 operates comfortably with endpoint security solutions by using the embedded unique ID.
  • Works on Windows XP, Vista, 7, 8.1, 10 and Mac OS X without administrator privileges
  • SuperSpeed USB 3.0 for ultra-fast data transfer and backwards compatible with USB 2.0 devices
 Technical features: 
  • AES 256-bit hardware encryption
  • FIPS 197 Validated - Certificate No. 2590
  • Secure Entry - Data cannot be accessed without the correct high strength alphanumeric 8-16 character password. A password hint option is available. The password hint cannot match the password
  • High Strength Password Enforcement - Setting of a high strength password is mandatory
  • Brute-Force Password Attack Protection - Data is automatically erased after 6 failed access attempts. The data and encryption key are securely destroyed and the Courier drive is reset
  • Auto-lock - The Courier FIPS 197 USB 3.0 will automatically encrypt all data and lock when removed from a PC or when the screen saver or "computer lock" function is activated on the host PC
  • Password Entry Count - The Courier FIPS 197 USB 3.0 records the failed entry count e.g. if the Courier is removed after 2 failed attempts and reinserted, the drive will resume with the 3rd attempt
  • Personal ID Function - As an option, contact details can be added to the Courier FIPS 197 USB 3.0 that can be viewed without compromising encrypted data
  • User manual stored on drive
  • Multi-lingual interface in 26 languages and a simple user interface for "out of the box" use
  • Unique ID (optional) - During production a personalised tag (e.g. "ACME APPROVED USB") can be embedded into the Courier Dual that can be viewed on a PC. The tag gives endpoint software a convenient way to identify Integral Courier FIPS 197 USB 3.0 as the "official" company drive, whilst denying access to other unauthorised USB drives that do not carry the Unique ID tag
  • Warranty - 2 Years
 DCU Data Policies 

DCU Data Classification Guidelines

A combination of data confidentiality, integrity and availability. Whether a set of data is LOW, MEDIUM, HIGH, or of VERY HIGH impact will inform the data classification and whether or not the data set should be considered sensitive data. To decide on the level of impact please refer to Dcu's Data Classification policy:

DCU Data Classification Policy (PDF)

DCU Data Handling Guidelines

These guidelines are to provide guidance to data custodians as to how they may protect data classified under the headings defined in the Data Classification policy. These guidelines are considered best practice for the protection of that data which can be found on the following website also:

DCU Data Handling Guidelines (PDF)

DCU Data Protection Policy

Dublin City University, as a Data Controller, is required by law to comply with the following Irish legislation relating to the processing of Personal Data:

This document is the University’s policy in response to the requirements of the Data Protection Acts.

Important notes on Data

Data can be lost in several types of incidents, including computer malfunctions, theft, viruses, spyware, accidental deletion and natural disasters. So it makes sense to back up your files regularly.

A data backup is a simple, three-step process:

  1. Make copies of your data.
  2. Select the hardware or method to store your data.
  3. Safely store the backup device that holds your copied files.
  4. ISS recommend that you back up all important data to Google Drive

For more information on data storage/data transfer, please visit our dedicated page on Data.

  Staff Networks 

Logging on to PCs

When the PC is switched on and Windows operating system has loaded, a Netware login box is displayed.

The box contains two areas that need to be filled in manually: the USERNAME and PASSWORD boxes.

Drive Mappings

Once you have successfully logged into the Novell it is important to know the file sharing and file storage options available on the DCU network.

By double-clicking the 'My Computer' icon on your desktop you will see the following network drive mappings.

Drive H

This is your personal file storage area of 100MB on the network. No other users have access to the information stored here.

Drive L

This is your departmental share area.

On the L: drive there is an 'ALL' folder, everyone in the same department has full access (read/write/delete) to this 'ALL' folder.

There is an initial space restriction of 100MB on this folder (additional space is given when required).

The L: drive can also have 'special sub-folders' setup for specific requests, such as an admin group within the dept. with either just the admin group with full access and read-only to the rest of the dept. or the admin group with full access to the folder and the rest of the dept. with no access.

There is an initial space restriction of 50MB on these folders (additional space is given when required).

Drive N

The purpose of this drive is for staff to upload their lecture notes for students to access.

By default both staff and students have read access to all information on this drive.

Staff must contact the helpdesk to gain read/write access to their specific area (eg. Salis)

Drive V

This is an inter-departmental share area. On the V: drive there is a 'Dummy' folder, all staff in DCU have read-only access to this folder (this is given to stop errors occurring when you log in).

The V: drive has 'special' folders setup for specific requests, such as for sharing confidential documents between departments.

Both the creation of these folders and the access to them must be requested through the helpdesk. There is an initial space restriction of 50MB on these folders (additional space is given when required).

This is a scratch directory that acts as a shared public area for all staff. The purpose of the scratch drive is to offer a place where all staff have full read/write/delete access, for the temporary upload of files that can be shared among all staff.

All files stored here can be viewed and deleted by any staff member, for this reason, any confidential information must not be saved here even if you have password protected the files if you want to share confidential documents use the V: drive.

Drive X


The X: drive is not backed-up and so any files stored here once deleted cannot be retrieved.

The X: drive is automatically purged (deleted) on a regular basis and once purged cannot be retrieved.

For these reasons only use the scratch drive X: as a temporary non-confidential file share area.

Drive Z

This is a Netware System drive that is mapped by default.

  Frequently Asked Questions  

Removable Media Encryption - The Basics

Q: Does encryption change how I use my PC or applications?

A: No. You should not notice any difference in the performance of your Sutter Health computer, but your data will be protected as it is saved to removable devices and media

Q: Will I see encryption happening?

A: No. Encryption is transparent and automatic.

Q: Will encryption change how I use applications?

A: No. Applications won’t even notice the encryption process because it’s done automatically in memory.

Media Encryption Passwords and Password Recovery

Q: What is a removable media password?

A: This is a password you define for each removable device you encrypt. It is used to ensure the encrypted data can’t be accessed by anyone who does not know the password.

Q: Is the password for my encrypted media the same as my Windows password?

A: No. The password for your encrypted media is not the same as the password used to log into your Windows computer or your Windows Mobile device.  A different password should be created for USB encryption.

    Q: What passwords are valid for encrypted media?

    A: Your password must be at least 5 characters long, and include the following:

  • Two or more letters
  • A least one uppercase and one lowercase letter
  • One or more numbers (Compliant examples: '123Ab' or 'aB321')

Q: What happens if I mistype my password?

A: You will have up to 3 attempts to correctly enter the password for your encrypted removable media

Q: What should I do if I forget my password?

A: If you forget your password there’s no need to worry. Simply follow these steps:

  1. While on your office desktop computer or networked docking station, Insert the encrypted media in your PC
  2. When you get the password prompt (example shown below), simply click the "I forgot" button.
  3. You will be prompted to confirm that you have forgotten your password.
  4. Once you confirm that you’ve forgotten your password, call the SMU Helpdesk to have your password reset via a simple manual authentication process.