Frequently Asked Questions (FAQ)
Do you have a question that you haven't found the answer to yet? Then you might be lucky that others have asked the same question before. On this page you will find the most frequently asked questions about information security at Aalborg University.
Computer, mobile and tablet questions
Your AAU computer is well protected against attacks. Therefore, you don't have to find an antivirus programme for your AAU computer yourself. Just make sure to update your computer when you are notified.
Generally speaking, most computers, mobiles and tablets already have built-in antivirus. Just make sure you keep your devices updated to close old security holes.
In the Software Center on your work computer, you will find a number of pre-approved programmes that you are free to install.
You also have the option of installing other applications on your computer that are not in the Software Center. However, it is important that you have a critical eye for other programmes you want to install on your computer. Always make sure to download the programmes from their official websites - that way you are less likely to download a virus along with the programme you want.
Also, be aware of the types of information you want to process in your programmes.
You can check your computer for viruses by following the steps below.
Windows:
- Search for 'Windows Security' on your computer
- Click on 'Virus and threat protection'
- Click on 'Scan settings'
- Select 'Full scan' and click 'Scan now'
If a virus has been detected on your work computer, contact IT Support.
MacOS:
- Apple macOS automatically scans for viruses in the background. This is not something you can initiate yourself. If you suspect that your AAU-Mac could be infected with a virus, please contact IT Support.
Password questions
You can find the requirements for AAU passwords, as well as a lot of good password tips, on the AAU Password Policy page.
Fortunately, there are several ways to change your AAU password. Read the guide to changing AAU passwords here.
If you have forgotten your password, you can easily create a new one. See here how to create a new password.
Never give your password to anyone else. Remember that even IT Support should never have your password. The only person who should know your password is you.
You probably encounter it on a daily basis when accessing AAU digitally.
The AAU access control is a single-sign-on solution used for most of AAU's systems (e.g. when logging in to Moodle, AAU email and Teams). "Single-sign-on" means that you don't need different passwords to access different internal AAU systems.
The AAU access control allows a number of login attempts to enter the correct password. Therefore, if you enter your password incorrectly a certain number of times, your account will automatically be locked. To unlock your account again, you must either log in to reset.aau.dk and select "Unlock", or contact IT Support on (+45) 9940 2020.
In addition, several AAU systems are connected to a multi-factor authentication (MFA), where your AAU login is supplemented with an additional authentication in the app or via a mobile code. Read more about MFA at AAU here.
Questions about hacker attacks
If you are unsure whether a message or email you have received is genuine, you can:
- Call the person if it's someone you know.
- Read more about the characteristics of phishing on the security incidents page.
- Contact IT Support for help.
Never click on links or attachments in the message if you are unsure. If you want to contact the sender, it is best to contact them in a different way than they have contacted you.
If you have accidentally:
- Disclosed your AAU username and password
- Clicked on an unsafe website
- Opened an attachment from a phishing email
You must report it as a security incident. Contact IT Support immediately or report the security incident here.
Cyber criminals are behind phishing attacks. It's easy to hide your identity online. It's easy to open and close email accounts, PayPal accounts and Bitcoin accounts without leaving a trace in the physical world, making it difficult to stop cybercriminals. Cybercriminals operate in the international world of the internet, so phishing is often in English or auto-translated into Danish.
Although some phishing senders may do it for ideological reasons or to get revenge on specific individuals or companies, the primary motive is money. Bank and credit card details can be exploited for money transfers.
Usernames and passwords for a company's IT systems and networks can be used to gain access to them, after which various valuable information can be retrieved from the system/network - even if the user used to gain access does not have valuable information themselves, it is easier to gain access to other people's information in the system/network once a breach has been made. Alternatively, the system/network can be infected with a virus that the criminal wants money to remove (ransomware).
Other personal information can be worth money to certain companies and can therefore be sold - or used by criminals to hide behind, e.g. for identity theft.
There are several different ways to collect email addresses:
- If you have signed up for a newsletter or otherwise registered your email address, the person or company may choose to sell their list of email addresses.
- If you have previously created a user somewhere with your email address, there is a risk of the email address being leaked if there is a data breach where the user was created.
- It is also possible to collect email addresses via websites where they are displayed. Many email addresses at AAU are publicly available on AAU websites - therefore cybercriminals can easily collect them and use them for phishing attacks.
Phishing does not only take place via email, but can also happen through:
- SMS
- Facebook posts
- Unsecure websites
- Online advertising
- Free software
What they all have in common is that they all seek to collect your personal information or install a virus on your devices.
Questions about data collection
If you need to hold a conversation about confidential or sensitive information online and would like to record it, you should use Skype for Business instead.
If you are a student, you do not have access to Skype for Business at AAU - instead, you can record the audio from the conversation via a borrowed dictaphone from the IT service desk.
MS Teams is not yet approved for these types of information - however, this may change very soon. The website will be updated regularly when changes are made.
First and foremost, you need to be aware of the types of information you will be recording. It is encouraged that you borrow a dictaphone from the IT service desk, as phones often back up to the cloud, so data security can no longer be guaranteed. You should also be aware of how you transfer the audio file to your computer - data security cannot be guaranteed if you use systems or services that are not approved by AAU. Read more about approved programmes and storage solutions here.
Questions about collaboration
Read more about sending different data types on the secure email page.
Don't know what type your data is? Visit the data classification page.
The way you share data with external partners depends on the type of data.
Visit the data classification page to learn more about your sharing options.
Questions about ITS Security
CISO is an abbreviation for Chief Information Security Officer.
Aalborg University's CISO is Michael Collin and can be contacted directly via ciso@aau.dk.
ISU stands for Information Security Committee. You can read more about ISU here.
IT Security is part of AAU's IT Services (ITS), which is part of Shared Services.
Questions about other topics
Help! My question is not here!
Can't find the answer to your question? Send your questions about information security to support@its.aau.dk.