According to the National Cyber Security Centre 2019 reportĀ The Cyber Threat to Universities, hostile state actors are targeting UK universities to steal personal data, research data and intellectual property, and this could be used to help military, commercial and authoritarian interests.
Research partnerships can be a way of gaining access to sensitive material through legitimate routes and it is important that you control access to sensitive data.
Where potential risks have been identified within an international research partnership, it does not necessarily mean that the relationship should not proceed. Appropriate mitigations might be put in place to ensure the security of your research and personal data.
When assessing the risks to your data, consider the following:
Are you being targeted?
Be aware of the current cyber security threat to UK universities and academia. Through phishing attacks or insecure storage of information, your personal data and intellectual property might be under threat.
Could your research make you a target?
Your research and intellectual property could be valuable to specific kinds of people. Consider the consequences of what would happen if your research fell into the wrong hands. If your research could make you a target, think about the appropriate steps you need to take around data security.
Be aware of what you want to protect. Most research may not have any sensitive application but it is helpful to identify what you value the most and what is most at risk. Areas around applied research are particularly vulnerable. Consider whether your research is commercially sensitive, has potential for patent, is related to sensitive defence or national security technology and/or could have future dual-use or unethical applications.
Could your work end up in the wrong hands?
It is your responsibility to make sure all elements of your work are kept secure. You should ensure that you maintain awareness of the latest regulations and make sure that you are storing data, personal information and other parts of your research securely.
What can you do to safeguard your research?
Safeguarding your research is essential to the integrity of your work and it is important to make careful decisions about how you protect it during research collaborations:
- Be aware of any local legislation that may apply to overseas partners that might permit authorities to access sensitive information without consent from all parties.
- Ensure partners have a valid reason to have access to your data, research and other parts of your networks before sharing and only give access to those who have a valid requirement to the information
- Where appropriate, incorporate segregation between research programmes, both physically and online.
- To keep the data you hold safe, you need to consider how you collect, store, share and manage it.
The University has support and information available on cyber security and is committed to continually ensuring that its information security management procedures are robust and up to date. Further training will be developed as appropriate to provide support and guidance in these areas.