Take good care of your data

It is important to be aware of how we act with regard to data security on the Internet. To minimise our vulnerability we must therefore all contribute to storing all relevant data generated in AGRO centrally in the department and describing the datasets with metadata. How good are we at doing that?

This spring the department was subjected to an evaluation of our data security.

AU does this at regular intervals. This spring, three employees from AGRO (René Larsen, Anders Almskou and myself) were interviewed about how the department handles data security based on ISO27001 standards. The department was evaluated with regard to how it deals with IT equipment, data management, journalisation and management of personally sensitive information based on 18 criteria and more than 100 questions within these criteria. The criteria include information security policy, access control, physical and environmental security, reliability, and system purchase, development and maintenance. Each criteria was graded as follows:

1. Irrelevant
2. Ad hoc
3. Intuitive
4. Defined
5. Controlled and measurable
6. Optimised

AGRO had more or less middle grades in the questions and was never at the top nor the bottom.

On the whole, it is the responsibility of the department management to maintain data security, but AGRO’s employees are the ones who deal with data on a daily basis. Therefore, all employees must be aware of how to minimise the risk of security breaches. You must be aware of protecting the department’s data whether it is found on a smartphone, tablet, USB flash drive or laptop. You must also remember to lock your computer when you leave the office.

The management encourages you to stay up to date with regard to data security, including knowledge about phishing, password security, etc. You can keep abreast of AU’s rules for data security here.

In May 2017 many large companies and institutions were hit by cyber attacks. In order to be secured as well as possible, AU’s management has initiated a cleanup of old computers on AU’s network and to reorganise old networks (e.g. DJF) to a common AU network. Simultaneously, four requirements for PCs connected to the network have been introduced:

• They may not be more than four years old
• They must have Windows 10 installed
• They must have an antivirus program installed that is administered and monitored by AU IT
• They must have an SSD hard drive with at least 256 GB

The task must be completed by the end of December 2017. Computers that do not fulfill the above requirements will be excluded from the network.

In AGRO we began in May 2017 by having 49 PCs in Foulum and 143 PCs in Flakkebjerg that needed to be replaced by the end of the year.  In addition, there were some computers that needed to be re-installed. The cleanup in Foulum and Askov is coming along nicely while there is still a lot of work to be done in Flakkebjerg. The secretariat will therefore in the near future send an email to those of you in Flakkebjerg who have a computer that does not fulfill the above requirements, in order to reach our target by the end of the year.

ST’s faculty management has decided to set aside DKK 3,000 per person for purchasing new computers. The prerequisite is that the old computers are delivered to AU IT.

In AGRO we set aside DKK 2,000 per permanent employee per year in the research sections and DKK 1,500 in the farm management section for purchasing IT equipment. PhD students funded by the department have funds via the bench fee, which must cover IT purchases. In addition, we have PhD students and postdocs who receive external funding. Many funders are no longer willing to pay for computer equipment. AGRO’s management will therefore this autumn be having a look at guidelines for advance funding and evaluate if these need to be revised before 2018.

When the PC round is over and done with, the focus will turn to other machines, such as Unix/Linux and Mac. Read more here.