Since 'Data is the New Oil', researchers must become skilled in cyber security

"Data is the new oil", Goodman argued in his book, Future Crimes (2015), where he showed how data is used to make billions of dollars for companies that collect data by offering a range of digital services. What Goodman said is similar to what O’Connor (2004) wrote, namely, that economically we find ourselves in the Information Age, where companies providing information and communication services are increasingly worth investing in. Information and communication technologies are technological advances that increase people’s ability to collect, store, retrieve and share information.

While companies that provide Information Communication Technology (ICT) services are known to collect most of people’s information, researchers also collect information. This sometimes involves human subjects, so that researchers sometimes have access to personal information about people. Information that researchers collect can be needed by governments, individuals or companies. Researchers are obliged to know the basics of cyber security because the data they collect could be targeted by a number of agencies such as the authorities, companies and hackers, in general.

Why is cyber security essential for researchers?

When conducting a study that involves human subjects it is necessary to have obtained ethics approvals, informed consent and confidentiality, as has been well explained by AuthorAID and Bjärkefur et al. (2021). Researchers are now using digital devices to collect data. Those devices are vulnerable to hackers who can gain access to the information and render a researcher's conduct unethical when the data is leaked. This is where cyber security enters to allow researchers to have confidence in their data security when conducting their studies.

The European Union has adpted the General Data Protection Regulation (GDPR) and the United States has Privacy Acts, which are specific to individual states. Most countries in Africa do not have Privacy Acts, as has been pointed out by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), but this does not release a researcher from observing confidentiality when dealing with human subjects.

Information that a researcher has access to is always at risk, at all stages. The following measures may reduce the risk of the data being leaked, that is, assuring participants of the researcher's commitment to confidentiality.

Security skills for researchers

You do not have to be a programmer or an Information Technology (IT) professional. Here are some approaches you can adopt to improve the confidentiality of your processes.

i. Use strong passwords

A strong password has to be unique, long and contain some special characters that make it complicated for hackers to crack by brute force in a short time. Password managers can help researchers in making and storing their strong passwords, which are necessary for accounts that receive and store their data. If you have conducted an online survey or used any way that requires digital transmission of your data, enable two-factor authentication/two-factor verification.

ii. Use secure networks

Devices that store confidential data should not be connected to insecure networks. Insecure networks are easy for hackers to gain access to and cause data bleaching. Insecure networks include unknown wireless networks, networks that are not encrypted, which anyone can connect to. I recommend to follow Bjärkefur et al.'s (2021) suggestion to use of a Virtual Private Network (VPN) when a device that contains confidential information is connected to a network. Do not connect USB drives to any device containing confidential information. In addition, the location of your device should also be secured.

iii. Always encrypt your data

Data that includes personal information identifiers should always be encrypted. The most highly recommended software for data encryption is VeraCrypt. It is open-source software and works well on different operating systems. You may encrypt specific data or your entire disk. Encryption of your data will retain the data confidentiality even when an unauthorised person has gained access to the device containing the data.

It is a researcher’s responsibility to ensure data confidentiality. You will have no excuse if and when data bleaching happens. I suggest that in all training that researchers receive, data security should be added to the curriculum to avoid major inconveniences. Remember that in this Information Age, data is the new oil. A great researcher collects data and knows how to protect their subjects.

References

Bjärkefur, K., Cardoso De Andrade, L., Daniels, B., & Jones, M. R. (2021). THE DIME ANALYTICS DATA HANDBOOK.

Goodman, M. (2015). Future Crimes: Inside the digital underground and the battle for our connected world. Random House.

O’Connor, D. E. (2004). The basics of economics. Greenwood Publishing Group.

Francis Nyonzo is a researcher, economist and cyber security trainer. You can visit his LinkedIn profile here: https://www.linkedin.com/in/francis-nyonzo-77b3b9242/ or reach him at francisnyonzo@gmail.com