Here is 6 pieces of advice about information security when working remotely, e.g. from home.


As an employee, you play an important role in security at Aarhus University.

For many of us, working from home has become part of everyday life as a result of coronavirus. Security levels are often slightly lower at home than at the university. So, when many employees begin working online remotely, the university becomes more vulnerable to cybercriminals.

Therefore, we urge you to consider your routines and behaviour, regardless of where you are working from, so you help maintain a high level of security at the university.

This page contains advice on what to do when working from home. Please contact your local IT support team if you have any questions about complying with the advice.  


1. Use the VPN on AU equipment

The VPN encrypts any communication between your device (e.g. laptop) and AU's systems and services (e.g. shared drives and WorkZone), ensuring that unauthorised persons cannot access the material being transferred.  

  • Use the VPN as much as possible when working from home.
  • However, note that you can only use the VPN if you’re working on AU devices, i.e. devices provided to you by AU, such as your work computer.
  • If you are not using AU equipment but instead using your own device, for security reasons, do not install or log onto the VPN. 
  • Note that the VPN can cause problems with online meetings, for example. Log off temporarily, and log on again once your meeting is over.     
  • How to access the VPN.   

For teaching staff

If you are teaching remotely, temporarily log off the VPN during the teaching session to ensure the best user experience. Be careful not to share sensitive personal data and confidential information while teaching remotely, because your data isn’t encrypted when you’re not logged onto the VPN.

2. Keep your computer, phone and tablet updated

Hackers exploit security vulnerabilities in programs, apps and operating systems, and you should therefore make sure that they are kept up to date.


Computer

All AU computers (PCs and Macs) are updated automatically. However, you are responsible for updating the programs you have installed yourself and the browsers you use.

 

Linux users need to update their computers themselves. 

Smartphones/tablets

If you have an AU smartphone and/or tablet, you must update the operating system and apps yourself. AU IT is working on a solution where AU smartphones/tablets will be updated automatically.

3. Focus on what type of data you share with who during online meetings

Who will participate in the meeting? 

Who is permitted to participate in the meeting depends on what types of data will be shared at the meeting. Read about AU’s four data classifications.

Open meetings where everyone with a link can participate

It is easy for external participants to hide their identity behind an avatar or fake photo in open online meetings.  

When you conduct an open online meeting it is important that you have control over who participates to avoid externals interupting your meeting with e.g. malicious audio, video, chat and/or screen sharing. To have better control over who enters the meeting, you can use a meeting password, the waiting room feature or mandatory registration. 

If you do not wish to use these features, you should change your meeting to a webinar. That way, you will automatically get control over who participates with video, audio, chat and screen sharing. 

Closed meetings are only possible with a personal invitation

Consider if the participants should use a password to enter the meeting. 


Verify meeting participants via images or in some other way

 If you are chairing a small meeting of invited participants, you should verify the identity of any external participants. For example, you can ask them to present themselves and turn on their camera. If the chair does not ask participants to present themselves, you can make the request yourself. At big meetings, where a presentation round does not make much sense, there are still ways to check external participants. It can be necessary, and often a good idea, to exclude unidentified participants, unless doing so conflicts with the purpose of the meeting.


Be aware of what you are sharing on your screen

When you participate in an online meeting and have to give a presentation, take care that you do not reveal more than you intend.

Sharing a screen, program or presentation can sometimes mean that other participants see your notes and other internal information. When you share your screen, close all other unnecessary programs and avoid showing your desktop, so that only the presentation, photo or document is shown to all participants. This will help you keep check of what the other participants can see.   


Useful links

4. Avoid sharing internal, confidential and sensitive data on social media or via text messages

Social media

It is easy to leak internal, confidential and sensitive data if you post photos or video material from your place of work on social media. Therefore, be particularly careful with work-related tasks and information you share on social media. Avoid photos of screens, communication equipment, notes and documents.  

Text messages and similar messaging services

Many people are not aware that the information they send via messaging services, especially ordinary text messages, is sent in clear text. This means that the messages are not protected and can be read by others if they are intercepted. Therefore, consider whether your message needs to be protected and, if so, use an encrypted message service instead.  

Source: Centre for Cyber Security

5. As a general rule, only use systems and software provided by AU

As a general rule, only use systems and software provided by AU to ensure IT security is in order. 

If you have needs beyond what AU makes available, please contact your local IT support team before downloading any new apps. This will help IT support and AU IT ensure that the basic IT security is in order and that the procurement rules have been complied with. 

Read the guidelines for acquiring new systems.

6. Treat work-related documents the same way at home as in the office

Do you use printed documents, USB keys or other material, and do you store documents and media at home? Then consider whether the information is sensitive or confidential, and whether it should be withheld from others.


Remember to lock your computer

Always lock your computer when you leave the room, so that others in your house, e.g. children, can't access AU data.  


Printed dokuments

You may not throw away AU documents with internal, sensitive and/or confidential data in your own trash can. Acquire an approved paper shredder for your home office or bring the documents to AU to shred them.  

Also, make sure that AU documents are not visible to your guests or people looking through your window. 

No AU data on personal IT equipment

You may not save or store AU data on your personal IT equipment, e.g. PC, tablet, smartphone, USB or external harddisk. 

 


Useful links