Data’s vital to the modern lab but attracts unwanted attention. Proper cybersecurity is paramount, says Emily Newton.
Data is the world’s most valuable resource and a critical part of laboratory operations. Labs that collect and store more digital information may draw the attention of cybercriminals seeking to profit from these valuable assets. That could create substantial privacy risks and economic damage, so laboratory data must have strong security.
Labs are often at the cutting edge of technology, but many fall short in data security practices. Here’s how organisations can reverse that trend and protect their information:
Train all lab employees in data security
Teaching all lab staff cybersecurity best practices is one of the most important steps in securing laboratory data. Human error is often the weakest link in any information security system, as one mistake can grant attackers access, regardless of a network’s technical protections.
Good password management, including why and how to use strong, unique passwords, is important. All employees should also know how to spot phishing attempts and not click unsolicited links. Making these training sessions a regular occurrence is vital to stop forgetfulness or complacency from endangering sensitive data.
Use safer data
Another critical part of lab data security is using less sensitive information from the beginning. Many research operations contain people’s Data’s vital to the modern lab but attracts unwanted attention. Proper cybersecurity is paramount, says Emily Newton cybersecurity Keeping laboratory data secure Source: Artem podrezg names, locations or other identifiers, which are prime targets for cybercrime. Using data that isn’t tied to any real-world people or places will mitigate the impact of a breach.
Updates are also easy to forget, making outdated technology a common threat despite the solution’s relative simplicity
Many machine learning algorithms can generate synthetic data that mimics real-world information but doesn’t carry real-world sensitivity. Using these datasets will ensure any breaches don’t harm anyone’s privacy. When that isn’t possible, labs should only collect what data they need and remove vital personal information.
Limit access permissions
Labd ; should restrict access to their data. It’s best to follow the principle of least privilege, which holds that people should only be able to access what they need to do their job. That applies to third parties such as software vendors or research partners, too; more than half of organisations surveyed in the 2021 Ponemon report admitted having experienced a data breach from a third party. This limited access should also apply to software and devices. Limiting data-sharing between programs or endpoints will ensure as few access points to sensitive information as possible, making it harder for cybercriminals to get in.
Encrypt at every level
Research professionals should also encrypt all laboratory data using a 256-bit encryption standard. This ensures that any information that does leak will be impossible to interpret, making it useless to cybercriminals and ensuring privacy.
Many organisations encrypt their data but only apply this protection to information at rest. Given lab data's sensitivity, it's also best to encrypt it in transit. Labs with Internet of Things (IoT) devices should also encrypt their communications, as they can provide easy access points for hackers without it.
Review regulatory standards regularly
Cybersecurity laws and regulations are becoming increasingly common as data security becomes a more prominent issue. Just as new lab buildings must meet regulatory stabndards, so some may face constraints over their data practices.
Laws such as the General Data Protection Regulation may apply and carry high fees for failing to meet certain security standards. Consequently, labs should regularly review local and industry regulations to ensure they’re compliant. Even if no specific laws apply, looking at the relevant regulatory landscape can reveal best practices for better data protection.
Lab workers should also ensure they update all software and devices as often as possible. Cybercrime is continually evolving, so outdated software may lack crucial protections against emerging threats, leaving laboratory data vulnerable. Updates are also easy to forget, making outdated technology a common threat despite the solution’s relative simplicity.
The best way to address this issue is to enable automatic updates. That applies to any data gathering, processing and storage software, as well as IoT devices, operating systems and security software.
Regardless of what other steps a lab takes, it’s important to realise that no solution is foolproof. In 2022, the Department for Digital Culture, Media & Sport’s Cyber Security Breaches Survey 2022 reported that 39 per cent of business respondents were victims of a cyberattack, yet only 19 per cent had an incident response plan. That must change as attacks become more common, especially with information as sensitive as laboratory data.
Labs should create backups of all missioncritical data in offline and online formats. This ensures that a breach or similar event can only cause minimal damage. Labs should also encrypt and restrict access to these backups to ensure they don’t become cybercrime targets.
Laboratory data must be secure
Data security is vital for all industries, but laboratory data carries particularly high risks. This information is often sensitive and central to important research. It’s also an increasingly popular target for cybercriminals, especially as the industry falls behind cybersecurity best practices. Following these steps will help laboratories keep their data secure. They can then perform their vital services without fear of an attack disrupting operations or jeopardising people’s privacy.
Emily Newton is the Editor-In-Chief of Revolutionized, a magazine exploring innovations in science and industry