How to use the Castor CDMS in a secure way - Best practices
Castor is secured according to the most recent standards to make sure your data is protected in the best possible way. The measures we take to protect the data are outlined in our Security Statement. While we strive towards storing the collected data as securely as possible, as a user you also play a role in keeping this data safe.
Accessing the system
Use a strong password. A good password should be easy to remember but difficult to guess.
Don’t use a password you’re already using somewhere else. A lot of data breaches happen because identical passwords are used across different services. Password managers can help you use highly secure, unique passwords for different services without having to type or remember them. Check your institute’s policies about what you’re allowed to use.
Keep your password private. Don’t share it with anyone and never write it down. Castor personnel will never ask for your password.
Avoid using general email addresses such as firstname.lastname@example.org that multiple people have access to. All actions in a study are tracked in the audit trail. Using general email addresses makes it harder to track who accessed the system and made changes to a study.
Lock your screen if your device is unattended and log out of the application if you no longer need to access the system. A session in Castor CDMS automatically expires after 20 minutes of inactivity.
Enable two-factor authentication. This adds an extra layer of security to your Castor account. Potential attackers will need not only your account details, but also your physical device with the Authenticator to be able to access your account.
Secure your computers with antivirus and anti-malware software.
Always check that you are on the castoredc.com domain and not on a fake website (phishing). Be especially vigilant when following links from email messages.
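One way to automate the domain check described above when reviewing links from email messages, as an added example that is not Castor's own code. The HTTPS requirement, the function name and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "castoredc.com"  # the domain the article tells users to check for


def check_link(url):
    """Return (trusted, reason) for a link, e.g. one copied from an email."""
    if "\\" in url or any(ch.isspace() for ch in url.strip()):
        # Browsers and URL parsers disagree on these characters, so refuse them.
        return False, "contains backslash or whitespace"
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased; userinfo ("user@") and port removed
    except ValueError:
        return False, "not a parseable URL"
    if parts.scheme != "https":  # assumption: only HTTPS links are accepted
        return False, "not an https link"
    if not host:
        return False, "no host name"
    host = host.rstrip(".")
    # Match on a label boundary: the host must be the domain itself or end in
    # ".castoredc.com". A plain substring or startswith test would accept
    # look-alike hosts that merely contain the trusted name.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return True, "host is on " + TRUSTED_DOMAIN
    return False, "host is " + host + ", not on " + TRUSTED_DOMAIN


# Constructed sample links (not taken from real messages).
SAMPLES = [
    "https://data.castoredc.com/login",
    "https://castoredc.com:443/",
    "https://castoredc.com.login.example/",
    "https://castoredc.com@login.example/",
    "https://notcastoredc.com/",
    "http://castoredc.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, reason = check_link(link)
        print(("OK      " if trusted else "SUSPECT ") + link + "  (" + reason + ")")
```

The check compares the parsed host name, not the visible link text, so it should be run on the actual target of a link.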
Working with data
Avoid adding personally identifiable information (PII) unless the encryption module is used. Avoid storing surnames, Social Security numbers or postal codes and preferably not even dates of birth, unless you are encrypting your data.
If you want to share your Castor data export, the safest method is to add the person to your Castor study so they can export the data themselves. If you prefer to share the file instead, encrypt the data file with a password and share the password via a different communication channel than the one you use to share the data file.