Report a Security Incident
Want to report a security incident? Or are you curious about what a security incident actually is? As an employee or student at AAU, you must report security incidents as soon as you experience them.
What is a security incident?
A security incident is any type of data breach that may pose a risk to the information, including personal data, handled at AAU. In short, it is a breach of security, whether it involves information, personal data, confidentiality or anything else.
For example, a security incident has occurred if you:
- Lose any of your IT equipment
- Find or lose documents with content that may be confidential or contain personal data
- Accidentally send an email with confidential content or personal data to the wrong person
- Discover a virus on your computer
- Click on content in a phishing email
It is important that you submit a security incident report as soon as you discover the incident. You can report a security incident here.
As an employee or student at AAU, you must report security incidents as soon as you experience them. This applies both if you are involved in the security incident, but also if you discover a security incident that you are not involved in.
If you experience a security incident outside of IT Support's normal business hours, you need to assess the severity of the incident. Is the security incident so serious that it cannot wait until the next working day? Then you should contact your head of department or manager in a similar role, who will then pass the incident on to the right people.
Remember that a security incident involving personal data must be reported to the Danish Data Protection Agency within 72 hours of occurrence. Therefore, there is a critical time factor for incidents involving personal data.
Here is an example of a critical time factor when reporting a security incident:
- You drop a USB stick containing sensitive personal data on Friday afternoon at 12.00, but you don't report the incident until Monday morning at 8.00. The deadline for submitting a report to the Danish Data Protection Agency starts running from the time the incident occurred. Therefore, there will now only be 4 hours to react to the security incident, which is far too little time.
Once you have reported a security incident, your report is immediately forwarded to ITS for processing and assessment. If there is missing information in the case, you will be contacted directly for further clarification.
- The breach is stopped so that it does not develop further.
- The incident is clarified, including the scope and possibly the type of personal data.
- An assessment is made of whether the security incident should be reported to the Danish Data Protection Agency - and this is done if deemed necessary.
- An assessment is made of whether the security incident may have consequences for the person(s) whose data is affected. If so, the affected individuals are notified.
- It is clarified and investigated whether AAU can prevent similar incidents in the future by implementing organisational or technical security measures.
What should I be wary of?
Phishing is a type of cyber attack where cybercriminals use misleading emails to lure you into providing sensitive information. This information is then used to gain access to important accounts, which can result in identity theft and large financial losses.
Smishing uses the same motive as phishing, where you receive SMS messages instead of emails.
Spear phishing is the upgraded version of phishing and smishing, where cybercriminals are much more targeted. They use publicly available information to tailor their attack to specific individuals or organisations.
1) The sender is not who they appear to be.
The sender of a phishing email always hides their identity. This can be done by hacking an existing email account and pretending to be someone else. Or the sender has created a new email account via one of the many services that offer email account creation without the need for proof of identity. In email programmes, the sender field can be filled in freely so that the email appears to come from a person or company you know. Therefore, you should be wary even if the email appears to come from someone you know.
Good advice: If you're not sure if it's the right person who sent the email, you can contact the person via a phone call or in person.
2) You have to provide personal information, click on a link or open a file.
The purpose of a phishing email will always be to try to get you to "do" something. It could be that your "boss" desperately needs you to buy some iTunes gift cards and send them, or that your online bank needs you to log in to view a message via a link. Maybe there's a link you're "expected" to click on or an attachment you need to open. Don't do what you are encouraged to do. If you're wondering if what the email says might be true, check it out without replying to the email, without clicking on links in the email and without opening any attachments.
Good advice: Always be sceptical and contact IT Support if you have any doubts about the email you have received.
3) Links point to a fake website.
If you choose to click on the link in the message and the website "looks real enough", there's still a risk that it's not the real thing. Cybercriminals are clever and can quickly build a convincing website where you can "log in".
Good advice: Hover your mouse over the link without clicking on it to see if it leads to the right place. Otherwise, you can for example search for your online bank on the internet and log in via their official website.
4) It's urgent or could have major consequences for you.
Many phishing emails are characterised by the fact that you have to do something because it's urgent or could have consequences for you if you don't take action. For example, you may be threatened that your payment has not gone through, that your account is outdated and all your data will be deleted, or that you have a virus on your computer.
Good advice: Assess from email to email whether there is a risk that the threat is real. Do NOT do anything rash - always contact IT Support if you have any doubts or concerns.
5) Spelling mistakes and poor grammar.
Phishing emails are often characterised by the fact that the sender is not a native Danish speaker. Therefore, phishing emails can often be spotted by poor translations, spelling mistakes and incorrect grammar. However, a phishing email can easily be executed with perfect language - partly because cybercriminals are getting better and AI tools are now available, but also because there are also Danish cybercriminals out there.
Good advice: Be vigilant and use the above characteristics to assess whether it could be a phishing email. Always contact IT Support if you are in doubt.
For example, if you have accidentally:
- Passed on your AAU username and password
- Clicked on an unsafe website
- Opened an attachment from a possible phishing email
Report the security incident via the link on this page or contact IT Support via firstname.lastname@example.org.
It is also a good idea to change your password - see the rules and your options here.
The Danish Consumer Council Tænk and TrygFonden have collaborated to create the app "Mit digitale selvforsvar" (my digital self-defence), which you can download to your phone. Read more about the app and download here.