Your AAU computer is well protected against attacks. Therefore, you don't have to find an antivirus programme for your AAU computer yourself. Just make sure to update your computer when you are notified.

Generally speaking, most computers, mobiles and tablets already have built-in antivirus. Just make sure you keep your devices updated to close old security holes.

In the Software Center on your work computer, you will find a number of pre-approved programmes that you are free to install.

You also have the option of installing other applications on your computer that are not in the Software Center. However, it is important that you have a critical eye for other programmes you want to install on your computer. Always make sure to download the programmes from their official websites - that way you are less likely to download a virus along with the programme you want.

Also, be aware of the types of information you want to process in your programmes.

You can check your computer for viruses by following the steps below.

Windows:

1. Search for 'Windows Security' on your computer
2. Click on 'Virus and threat protection'
3. Click on 'Scan settings'
4. Select 'Full scan' and click 'Scan now'

If a virus has been detected on your work computer, contact IT Support.

MacOS:

• Apple macOS automatically scans for viruses in the background. This is not something you can initiate yourself. If you suspect that your AAU-Mac could be infected with a virus, please contact IT Support.

If you need to access the internet while travelling, the safest option is to use your mobile network, from which you can create a hotspot.
See here for IOS.
See here for Android. 

However, data/roaming costs can add up quickly if you need to use the internet frequently on your trip. Therefore, if you are using an unfamiliar network, try to use password-protected networks as much as possible, such as hotel networks in reputable hotels. However, these are not necessarily secure, so remember to always connect to the VPN as the first thing you do once you have an internet connection, even if you are connected via a mobile hotspot.

If you are unfortunate enough to lose your equipment while travelling abroad, you need to do exactly the same as if you lost it in Denmark. It's important that you report it as a security incident as soon as you realise your equipment is missing and that you change the password to your AAU account.

1. See here how to report a security incident.
2. See here how to change your password. 

You can find the requirements for AAU passwords, as well as a lot of good password tips, on the AAU Password Policy page.

Fortunately, there are several ways to change your AAU password. Read the guide to changing AAU passwords here.

If you have forgotten your password, you can easily create a new one. See here how to create a new password.

Never give your password to anyone else. Remember that even IT Support should never have your password. The only person who should know your password is you.

You probably encounter it on a daily basis when accessing AAU digitally.

The AAU access control is a single-sign-on solution used for most of AAU's systems (e.g. when logging in to Moodle, AAU email and Teams). "Single-sign-on" means that you don't need different passwords to access different internal AAU systems.

The AAU access control allows a number of login attempts to enter the correct password. Therefore, if you enter your password incorrectly a certain number of times, your account will automatically be locked. To unlock your account again, you must either log in to reset.aau.dk and select "Unlock", or contact IT Support on (+45) 9940 2020.

In addition, several AAU systems are connected to a multi-factor authentication (MFA), where your AAU login is supplemented with an additional authentication in the app or via a mobile code. Read more about MFA at AAU here.

If you are unsure whether a message or email you have received is genuine, you can:

• Call the person if it's someone you know.
• Read more about the characteristics of phishing on the security incidents page.
• Contact IT Support for help.

Never click on links or attachments in the message if you are unsure. If you want to contact the sender, it is best to contact them in a different way than they have contacted you.

If you have accidentally:

• Disclosed your AAU username and password
• Clicked on an unsafe website
• Opened an attachment from a phishing email

You must report it as a security incident. Contact IT Support immediately or report the security incident here.

Cyber criminals are behind phishing attacks. It's easy to hide your identity online. It's easy to open and close email accounts, PayPal accounts and Bitcoin accounts without leaving a trace in the physical world, making it difficult to stop cybercriminals. Cybercriminals operate in the international world of the internet, so phishing is often in English or auto-translated into Danish.

Although some phishing senders may do it for ideological reasons or to get revenge on specific individuals or companies, the primary motive is money. Bank and credit card details can be exploited for money transfers.

Usernames and passwords for a company's IT systems and networks can be used to gain access to them, after which various valuable information can be retrieved from the system/network - even if the user used to gain access does not have valuable information themselves, it is easier to gain access to other people's information in the system/network once a breach has been made. Alternatively, the system/network can be infected with a virus that the criminal wants money to remove (ransomware).

Other personal information can be worth money to certain companies and can therefore be sold - or used by criminals to hide behind, e.g. for identity theft.

There are several different ways to collect email addresses:

• If you have signed up for a newsletter or otherwise registered your email address, the person or company may choose to sell their list of email addresses.
• If you have previously created a user somewhere with your email address, there is a risk of the email address being leaked if there is a data breach where the user was created.
• It is also possible to collect email addresses via websites where they are displayed. Many email addresses at AAU are publicly available on AAU websites - therefore cybercriminals can easily collect them and use them for phishing attacks.

Phishing does not only take place via email, but can also happen through:

• SMS
• Facebook posts
• Unsecure websites
• Online advertising
• Free software

What they all have in common is that they all seek to collect your personal information or install a virus on your devices.

You can find more information on what to look for if you are unsure if an email is phishing on our security incidents page.

And if you are unsure about a link, you can use websites such as tjekpånettet.dk.

If you need to have a conversation about confidential or sensitive information online and would like to record it, use Skype for Business instead. Alternatively, AAU Zoom can also be used - see the question below.

MS Teams is not yet approved for these types of information - however, this may change very soon. The website will be updated regularly when changes are made.

Yes, you can if you choose the option to save the recording locally on your computer. Read more about security on Zoom here.

First and foremost, you need to be aware of the types of information you will be recording. It is encouraged that you borrow a dictaphone from the IT service desk, as phones often back up to the cloud, so data security can no longer be guaranteed. You should also be aware of how you transfer the audio file to your computer - data security cannot be guaranteed if you use systems or services that are not approved by AAU. Read more about approved programmes and storage solutions here.

Read more about approved applications, storage solutions, systems and services, and data types on the data classification page.

Read more about sending different data types on the secure email page.

Don't know what type your data is? Visit the data classification page.

The way you share data with external partners depends on the type of data.

Visit the data classification page to learn more about your sharing options.

CISO is an abbreviation for Chief Information Security Officer.

Aalborg University's CISO is Michael Collin and can be contacted directly via ciso@aau.dk.

ISU stands for Information Security Committee. You can read more about ISU here.

IT Security is part of AAU's IT Services (ITS), which is part of Shared Services.

You can read more about secure email at AAU here.