 One important aspect of research data management is to ensure that data are safe and secure during the course of our research and beyond. But when can we say that our data is secure? To secure data, we need to consider the three core information security principles, confidentiality, integrity, and availability. Now, let's first have a look at the principle of confidentiality. Reserving confidentiality means to take appropriate technical and organizational measures, so that the correct information only ends up in the right hands. But which data are confidential? Here we are referring to data for which the unwanted disclosure will have negative or harmful consequences. There are three common reasons why research data can be confidential. First, personal data. In other words, data that relates to an identified or identifiable living person. The risk involved here is infringement of privacy rights. A second reason to label data as confidential is because we are seeking to secure intellectual property, for example, by filing a patent application. In this case, the risk could be to undermine the potential to valorize your research results. And finally, data can be confidential when contracts with third parties impose certain limitations on who can or who cannot access the research data. The risk we want to cover here is failure to comply with contractual obligations. Whatever the reason is to deem data confidential, the implication is always that it should not be disclosed to or accessed by unauthorized people. Now, what about the second principle, integrity? Integrity means to guarantee that data remains accurate and complete during its entire lifecycle. Risks for integrity can originate from technical issues or human actions. Issues of technical origin mostly stem from unforeseen hardware failure, degradation of digital media or errors in configuration. These all can lead to data corruption or data loss. On the other hand, integrity issues caused by human intervention can be both intentional or unintentional. For instance, researchers can accidentally delete a folder for which no backup is available. That brings us to the last principle of information security, availability. In the ideal case, data should be readily available where it is needed, whenever it is required, and the way it is expected. But, in reality, things are not always like that. Data or hardware can be lost or stolen. There could be disruptions in the network, or maybe a cloud service can go down. So, as you can see, there are a couple of risks that threaten the security of our data. The question is then, what can we do to minimize these risks? Let's have a look at some tips. If possible, avoid storing your data locally on your computer or your own IT resources, such as an external hard disk or a USB stick. Instead, use the network storage provided by your institution. This will ensure that you are protected in case your device is lost or stolen. It also usually guarantees better protection in terms of privacy when working with personal data. Institutional network storage will ensure that your data is regularly backed up. But if for any reason, storing a copy of your data on your local computer is inevitable, make sure to backup regularly. When making backups, it is also important to test if you can restore previous versions of your files and to not wait until something really goes wrong. Make sure that people have access only to the information that they strictly need to have access to. Think about who should have access to which folders in your system and talk to the IT department to help you set up an appropriate access configuration. Cloud platforms are very popular because they are easy to use. However, you should not store confidential data on third-party cloud platforms unless you have verified the terms and conditions and you encrypt this data in a secure way. In fact, encryption is always recommended when dealing with confidential data and strictly necessary when the risks are high. If you need to share the data with someone, never send it by email. Check whether your institution offers a safe alternative for file transfer and encrypt your files before sending them. To protect your computer against malicious software, always keep your system and applications up to date. Put strong passwords in place, change them regularly and use two-factor authentication wherever possible. Don't share passwords with anyone or write them down on a paper or in a file. Lock your screen when you leave your desk. Not all security measures take place at the digital level. It's also important to protect the physical integrity of your hardware devices. Always manipulate your IT equipment with care and protect it from possible environmental hazards. Also, when you are processing confidential information in a non-digital format, it is equally important to protect these data from unauthorized access. Just to give an example, a box of confidential interviews should not be left unattended in the corridor. Finally, when the retention period of confidential data has expired and there are no further obligations or reasons to keep them, it is important to destroy this information in a safe way. For physical documents, this could mean treading paper before it is disposed. As for digital data, just deleting them from the disk and emptying the recycle bin is by no means sufficient. For effective deletion, special file erasing software needs to be used. When getting rid of hardware, it is even a better idea to physically destroy the storage medium. To conclude, keeping your data secure is essential during your research. As we have seen, there are a few issues that can put your data at risk. Luckily, there are also measures that you can take to protect your data and reduce the risk. It is very important to keep in mind that, a higher the risk, for example if your data is confidential, the more safeguarding measures you should take. If you want to know more, have a look at our website.