Physical Security Baseline
Physical Security Baseline for Research Data
The Physical Security Baseline consists of basic practices you can implement to safeguard your research data. These practices are appropriate for data resulting from "funamendal research ". Fundamental research is research that has no restrictions on dissemination or participation and is intended to be made publicly available. More robust physical security needs may be required for research that involves restricted data.
- See Environmental Health and Safety (EH&S) for lab security and safety around materials, biologics, and chemicals and FAQs for Physical Security
Secure Access Control:
Regularly review the personnel authorized to physically enter the lab. Physical access to your lab space is controlled by your Stony Brook University ID card using Lenel, or by a traditional lock & key. The Office of Access Control and Lock Shop has the sole responsibility for electronic and traditional lock and key systems.
- Key and Card Access requests can be made via the FIXIT work request system
- Lost or stolen swipecards and/or keys should be reported immediately to your building manager and the Office of Access Control to prevent unauthorized access to the lab.
Keep a log of all guests and visitors (non-keyholders), and escort them while in the lab.
Physical data protection:
Minimize printing hard copies of data. Reducing paper copies of data is not just good for the environment, it’s good for your security as well. Every printed copy you create is one more avenue for exposure or theft of your research data.
If you must print, avoid using shared printers or printers in public spaces. Minimize the number of eyes that can see your printed work. Use a local printer in your lab instead of a networked model.
Lock up physical data when not in use. Whether it’s paper in a filing cabinet, or materials in a storage bin, locking up your physical data when not in use is the best way to keep it secure.
Good housekeeping:
Keeping your lab space neat and tidy is a simple, but effective, way to maintain security. Loose papers carelessly scattered around the lab are easy targets for theft and exfiltration. The old saying “A place for everything, and everything in its place” should be your mantra. Designated locations for paperwork and equipment make it easier to notice if something is missing.
Situational Awareness:
Keep your lab work within your lab. Working in public spaces significantly increases the chances of your work being exposed, or your data stolen. If you absolutely must work outside of your lab, keep the following in mind:
Avoid crowded public workspaces. You never know who is sharing that space with you. People can easily “shoulder-surf”, and watch all of the content on your screen.
Avoid public wifi and network connections. Many public wifi signals are neither password protected nor encrypted, leaving you wide open to “man-in-the-middle” attacks. These attacks can grab your passwords, account information, emails and files. If you’re on campus, use WolfieNet. WolfieNet-Secure is Stony Brook University's recommended wireless network on West Campus, Southampton, Manhattan, and parts of East Campus. It is available to all faculty, students, and staff. For additional information, visit the WolfieNet site
Use Stony Brook’s VPN when off-campus. Stony Brook has partnered with Palo Alto to provide VPN service using GlobalProtect. Use of GlobalProtect VPN requires a Stony Brook NetID and Duo for multi-factor authentication. For additional information, visit the Stony Brook VPN site.