Scenario 5 - Security and travel

Disclaimer: This scenario is not comprehensive of all risks and best practices. This case study represents a certain scenario for general application of research security principles and can be used as a resource for training, exercises and presentation, etc. The names, events and other details of this scenario are created for educational purposes and do not represent any particular event.

Scenario 5

Fictional scenario

  • Marc is a researcher who is travelling to an international conference abroad where his research will be discussed.
  • Marc brought his computer with him and a USB key containing information related to his work.
  • During the conference, he gave a presentation during which he connected his USB to a computer provided at the venue. Afterwards, he made contact with several international partners, where he exchanged information and data by connecting his USB to colleagues' devices.
  • When Marc returned from the conference, he connected the same USB key to his institution's network.

Risks in this scenario

Caption text
Risky practices Possible consequences
Connecting an unsecured data device to an unknown computer or network
  • The loss of proprietary research intended either for publication in a peer reviewed journal, potential commercialization, or other uses.
  • The potential contravention of research ethics resulting from the breach of any confidential information from research partners or research participants.
Reconnecting an unsecured data device to the home institution’s network
  • Corruption and breach of the institution’s security: when the USB key was inserted in a device connected to the institution's network, malware could have been activated or could have replicated itself to other computers or connected networks.
  • A sustained breach of a Canadian institution through uploading of backdoor software, or ransomware onto Marc’s institutions network.
  • As the USB was connected to several computers, it may be impossible to know the source of malware. This could result in the theft of not only Marc’s data, but that of colleagues who also used the USB or connected to the breached network and other devices. This can lead to a wider breach of security at several institutions.
  • A cyber security breach of the institution's networks could seriously impact its IT resources for a period of time. Depending on the type of intrusion, it may also go undetected in the network, and lead to ongoing loss of data.
  • If confidential or proprietary information were misappropriated from the institution, it could face serious damage to its reputation.
  • Ransomware could lead to financial losses and other consequences if the institution attempts to recuperate the information, or to permanent loss of access to holdings or repositories.

Risk mitigation

Best practices checklist – Researchers

  • DON’T store research data on portable, unsecured devices such as USB thumb drives, flash drives, or portable hard drives. Data stored for use away from the home institution should be limited in scope as much as possible and not pose a risk to an entire research project.
  • DON’T re-use physical storage devices or reconnect them to a network after connecting them to a public or unfamiliar computer/network.
  • DO develop and apply a data management plan to ensure that only the most pertinent data is stored on disposable mediums such as USB drives.
  • DO keep storage devices secure at all times, and don’t connect them to untrusted devices.

Best practices checklist – Post-secondary institutions

  • DO encourage researchers to implement a data management plan that includes physical storage mediums such as encrypted USB drives or keep data storage in a secure location such as a locked desk or safe.
  • DO encourage researchers to use secure mediums of data storage such as encrypted drives and cloud storage options.
  • DO have clearly posted contact information of relevant institutional authorities to reach out to in the event of a breach, or for guidance on these matters in advance of travel.

Additional resources

Date modified: