From now on, WUR phones will be automatically encrypted to enable better data protection. As a result, phone numbers and confidential emails will no longer leak so easily if the phone is stolen.
This is one of the measures that WUR is taking in view of the new privacy law that takes effect on 25 May. This law requires all organizations and companies to deal confidentially with personal data. WUR also hopes the encryption will improve the protection of research data. That is necessary because WUR has also been the target of attempts to steal research data.
The encryption of the phones is not the only measure. Automatic encryption with password protection was previously introduced for the hard disks on WUR’s computers. Indeed, in some cases data are only stored on the WUR servers in a coded form, and there is no local copy on the laptop. Staff who need the data retrieve the information temporarily, unlock the data on their computer and work with that. After they have finished, the local copy is deleted and the data are stored exclusively on the server. However, this secure method only works for staff who have a permanent internet connection so it will not be implemented everywhere, assures Maarten Brouwer of FB-IT, the department responsible for ICT at WUR.
FB-IT had already announced that a second element will be introduced in the login procedure. Anyone who wants to check their WUR emails while off campus, for instance, will need to give permission via a WUR app on their phone in addition to the password. WUR is doing this to protect the organization against forms of ‘spear phishing’, an advanced and increasingly prevalent form of fraudulent emails with a fake site. The hacker first gathers targeted information about the victim via social media, for example about when the chair group’s assistant is due to go on holiday. The swindler then uses that information to send emails, supposedly from the assistant’s private email address say, with a request to log into a fake site. In future, if you end up on such a fake site, you may inadvertently give away your password but you won’t get permission from the app to log in.
The app will be introduced in phases and will gradually be used for more and more WUR services. Its use will depend on the location, though. For example, anyone logging in on a WUR laptop on campus won’t need to use the app but you will if you log in off campus. FB-IT hopes this will limit the inconvenience.