Cybersecurity in science laboratories

All over the world, everyone, from individuals to businesses, has become more security conscious. Science laboratories aren’t immune to this trend. Though laboratory safety traditionally referred to keeping people safe from chemicals while laboratory security meant keeping chemicals safe from people, the terms have undergone a vast change over the last decade.

Today, new guidelines and approaches are often designed and implemented. Some are driven by legislation and regulation, while others are planned to mitigate the newer threats that laboratories have become vulnerable to in today’s digital age. Since most laboratories use manual measures, digital measures, or a combination of both to secure their systems, files, data and other assets, reviewing security services from time to time has also become a crucial aspect of safeguarding laboratory resources and assets.

Before talking about cybersecurity in science laboratories, let’s take a look at the different levels of security that such laboratories usually need.

Levels of security that laboratories need

To secure a laboratory, you need to focus on four key areas, which are mentioned below:

  • Architectural and physical security: This includes securing walls, doors, fences, locks, and other barriers, along with controlled roof access and locks and cables on equipment to safeguard it.

  • Operational security: This refers to sign-in logs or sheets, authorisation procedures, control of access cards and keys, security guards, and background checks.

  • Electronic security: From alarm systems, access control systems, and video surveillance systems to password protection procedures, everything falls under its purview.

  • Information security: This refers to having passwords, setting up efficient backup systems, taking measures to safeguard online transactions (such as sending, receiving or sharing of files and information, etc.), and shredding of sensitive information, among others.

Since all these areas are somewhat intertwined, each of them needs to be considered when you plan security protocols for the laboratory. You should also make provisions for redundancy in your security system, which would ensure your laboratory stays protected even when there’s a power failure, unexpected changes in the temperature or laboratory environment, etc.

Cybersecurity in laboratories

The term “cybersecurity” refers to safeguarding internet-connected systems, including their software, hardware, and data, from cyberattacks. In modern laboratories, researchers work with a lot of data, which gets stored on their allotted computer systems or at a centralized location, from where anyone can access it, share it, or use it to collaborate with the team. Thus, the loss of such data, or unauthorized access to it, due to cyberattacks could be devastating for a laboratory.

Over the years, there have been several instances where cybersecurity breaches have led to the loss of sensitive information, which later found its way into the public domain, or helped those with criminal intentions build a new resource or product using the stolen data as a foundation. Such resources and products could have devastating effects on a sizable world population.

Even if they don’t, they give the cyberattacker bragging rights, let them hold you to ransom, wipe out your credibility as a secure laboratory, or simply deprive you and other researchers of due recognition for your hard work.

To prevent such events, science laboratories around the world use several security protocols and solutions. For example, they use firewalls, antivirus software, and other network protection to block malicious traffic and software, and VPNs to encrypt their online activities, so that no one can snoop on what they are doing online. This keeps their research, and other data that they send, receive, share, or collaborate on over the internet, away from prying eyes and those with malicious intent. Running periodic security audits to find vulnerabilities and security breaches, if any, and fixing them promptly are other steps that laboratories usually take.

Since many cyberattacks in laboratories are triggered by humans, other steps that many laboratories take to steer clear of the “human risk factor” include:

  • Changing passwords regularly.

  • Keeping passwords confidential, and not storing or writing them in an obvious place.

  • Safeguarding access cards, keys, or other physical security tools.

  • Ensuring proper authorization is given to the people who need to access certain systems or files, and that such authorization expires the moment the task is completed or the need for it no longer exists, whichever happens earlier.

  • Training in-house personnel who have access to confidential information and data assets, while emphasising the importance of confidentiality.

  • Reviewing any procedures that involve releasing confidential or proprietary information to a third party or to someone outside the laboratory or the team involved.

  • Having a written and signed confidentiality agreement with personnel who have access to sensitive information.

  • Prior to discarding materials containing confidential and/or sensitive information, making them unusable (which could be by shredding paper documents, or by erasing magnetic tapes).

  • Immediate reporting of any suspected or known security breaches.

  • Setting up policies and procedures for proprietary information stored on portable storage media or hard drives and for the removal of such proprietary information from the laboratory.
© 2019 IUBMB & FEBS Congress.