For Students and Researchers
As students and researchers, working and learning on campus, it's vitally important for your work and your safety that you properly secure your digital information. The easiest way to do that is to start with the right foundation, and then maintain your secure status on a daily basis.
Getting a Secure Start
- Educate Yourself: Look over the information classification guidelines (dataclass.stanford.edu) to make sure you know the difference between High Risk, Moderate Risk, and Low Risk information, and that you have a sense of what kinds of information you encounter in your Stanford work. (If you work with PHI or other medical data, there's a high probability you work with High Risk information.)
- Encrypt: With information classification in mind, make sure that all the devices—computers, phones, and tablets—that you use on the Stanford network are properly encrypted and secured. Visit encrypt.stanford.edu for a step-by-step guide to setting up proper security on each of your computers and devices.
- Secure: If any of the devices that are critical to your research cannot be properly encrypted because of hardware or software obsolescence, file a Help Ticket with IRT Security. We may be able to assist you either by placing your device on a special network, or by helping mitigate risk in other ways.
Next Steps: Sending and Sharing Information Securely
Once your computer and your devices are properly secured, take care of the information inside those devices—and the information on the entire Stanford network—by using secure methods to send, share, and store.
Use MedSecureSend (MSS) to securely send files up to 100GB, to colleagues at Stanford and elsewhere.
Use the Stanford VPN when connecting to the network from off-campus.
Use cloud computing services responsibly; make sure you know which services are approved for what levels of sensitive information.
Use encrypted external hard drives and USB drives to carry and store your Stanford information. (IRT Security is working to provide them free of charge)
Stanford Information and Research
As we are at a School of Medicine, we have two kinds of information which must have extra layers of security: student/university information, and health/patient information. Be aware of how to deal with these special categories of information.
Know your Risk Classification: Learn what kinds of information belong in which categories: High, Moderate, and Low Risk.
Properly handle Stanford Information: As a member of the university, you are personally liable for data breaches. See what's at stake, and how you can reduce your risks.
Research and Security help: If you are applying for a grant, are trying to budget for computer security, or are looking for other help with research and data management, we've got resources for you.
HIPAA: Visit our page to learn about HIPAA rules and regulations, and find out how to properly anonymize data for publication.
Moving on from Stanford? Here's how to prepare your devices for departure: how to properly remove Stanford information, and what to do about the various Stanford-required security measures.