As an employee, you play an important role in security at Aarhus University.
For many of us, working from home has become part of everyday life as a result of coronavirus. Security levels are often slightly lower at home than at the university. So, when many employees begin working online remotely, the university becomes more vulnerable to cybercriminals.
Therefore, we urge you to consider your routines and behaviour, regardless of where you are working from, so you help maintain a high level of security at the university.
This page contains advice on what to do when working from home. Please contact your local IT support team if you have any questions about complying with the advice.
The VPN encrypts any communication between your device (e.g. laptop) and AU's systems and services (e.g. shared drives and WorkZone), ensuring that unauthorised persons cannot access the material being transferred.
If you are teaching remotely, temporarily log off the VPN during the teaching session to ensure the best user experience. Be careful not to share sensitive personal data and confidential information while teaching remotely, because your data isn’t encrypted when you’re not logged onto the VPN.
Hackers exploit security vulnerabilities in programs, apps and operating systems, and you should therefore make sure that they are kept up to date.
All AU computers (PCs and Macs) are updated automatically. However, you are responsible for updating the programs you have installed yourself and the browsers you use.
Linux users need to update their computers themselves.
If you have an AU smartphone and/or tablet, you must update the operating system and apps yourself. AU IT is working on a solution where AU smartphones/tablets will be updated automatically.
Who is permitted to participate in the meeting depends on what types of data will be shared at the meeting. Read about AU’s four data classifications.
Open meetings where everyone with a link can participate
It is easy for external participants to hide their identity behind an avatar or fake photo in open online meetings.
When you conduct an open online meeting it is important that you have control over who participates to avoid externals interupting your meeting with e.g. malicious audio, video, chat and/or screen sharing. To have better control over who enters the meeting, you can use a meeting password, the waiting room feature or mandatory registration.
If you do not wish to use these features, you should change your meeting to a webinar. That way, you will automatically get control over who participates with video, audio, chat and screen sharing.
Closed meetings are only possible with a personal invitation
Consider if the participants should use a password to enter the meeting.
If you are chairing a small meeting of invited participants, you should verify the identity of any external participants. For example, you can ask them to present themselves and turn on their camera. If the chair does not ask participants to present themselves, you can make the request yourself. At big meetings, where a presentation round does not make much sense, there are still ways to check external participants. It can be necessary, and often a good idea, to exclude unidentified participants, unless doing so conflicts with the purpose of the meeting.
When you participate in an online meeting and have to give a presentation, take care that you do not reveal more than you intend.
Sharing a screen, program or presentation can sometimes mean that other participants see your notes and other internal information. When you share your screen, close all other unnecessary programs and avoid showing your desktop, so that only the presentation, photo or document is shown to all participants. This will help you keep check of what the other participants can see.
It is easy to leak internal, confidential and sensitive data if you post photos or video material from your place of work on social media. Therefore, be particularly careful with work-related tasks and information you share on social media. Avoid photos of screens, communication equipment, notes and documents.
Many people are not aware that the information they send via messaging services, especially ordinary text messages, is sent in clear text. This means that the messages are not protected and can be read by others if they are intercepted. Therefore, consider whether your message needs to be protected and, if so, use an encrypted message service instead.
Source: Centre for Cyber Security
As a general rule, only use systems and software provided by AU to ensure IT security is in order.
If you have needs beyond what AU makes available, please contact your local IT support team before downloading any new apps. This will help IT support and AU IT ensure that the basic IT security is in order and that the procurement rules have been complied with.
Do you use printed documents, USB keys or other material, and do you store documents and media at home? Then consider whether the information is sensitive or confidential, and whether it should be withheld from others.
Always lock your computer when you leave the room, so that others in your house, e.g. children, can't access AU data.
You may not throw away AU documents with internal, sensitive and/or confidential data in your own trash can. Acquire an approved paper shredder for your home office or bring the documents to AU to shred them.
Also, make sure that AU documents are not visible to your guests or people looking through your window.
You may not save or store AU data on your personal IT equipment, e.g. PC, tablet, smartphone, USB or external harddisk.