The newsletter contains relevant information for all employees, for example GDPR regulations, IT security and IT procurement. We also use the newsletter to collect and communicate IT news or information about IT changes from AU, NAT-TECH IT, AU IT and other sources. In particular, we focus on data management, cyber security and good IT behaviour.

Contact Charlotte, f you have information or IT tips that are relevant for future IT newsletters.

Ordinary computers with a standard Windows 10 installation must be replaced by 2025 at the latest: Microsoft will stop support and thus security updates for Windows 10 in 2025.

If your computer is on the death list, you have received a personal e-mail from the head of department.

Aarhus University focuses on phishing attacks and in the autumn a fake phishing email was sent from AU, which many also discovered and reported correctly.

This week there has been a good example of a real phishing email. Remember (without clicking!) that you can often see the sender address and the source of the email. Microsoft will not send from this address:

How do you report a phishing email?

There are different options depending on how your Outlook is set up. Usually the easiest and fastest approach is to right-click on the email, select "Report" and "Phishing".

More information about phishing.

Electronic Research Data Archive (ERDA) is free to use and has been around since 2023. Currently there are approx. 1000 users who collectively have 1700 TB of data, which corresponds to ERDA's capacity being 81% utilised. ERDA has several advantages:

• Accessibility: External partners can also access ERDA.
• Speed: 4 file transfers can run simultaneously via the SFTP protocol.
• Sharing: You can create public links to share files in ERDA, which also works for non-ERDA users.

If you are familiar with Rclone, superusers can use the command prompt. For daily use (e.g. to mount ERDA, copy and access data) you do not need to know Rclone commands.

ERDA is located at two physical sites that take "snapshots" of your files:

• Primary: 4 per hour which is saved for 8 days
• Secondary: 1 per day which is saved for 30 days

ERDA also has an archiving function. It is, for example, very useful for publications where you need the files to be locked. After that, it is not possible to change them. If locked by mistake, they can be opened again by an administrator.

New users must first access ERDA via the portal erda.au.dk

Contact Jesper Lykkegaard Karlsen if you have any questions.

From AU:

We’re seeing a marked interest in using ERDA, and we’re working on expanding the system’s capacity. We aim to have the expansion completed by the end of January. In the meanwhile, we ask all users to hold off large data uploads to ERDA, as we’re nearing capacity. We can still cope with the current, normal level of activity – but not additional, new data.

We therefore ask that all users wait with such transfers until the work has been completed in January. This way, we can ensure that ERDA will remain available for the rest of the old year and into the new one.

If you have any questions, you are welcome to contact erda-info.it@au.dk

Remember that ERDA and SIF do not replace the O-drive, the O-drive continues and is suitable for internal sharing. What can ERDA and SIF be used for:

• ERDA: For research data, especially if you want to share with external collaborators.
• SIF: For data containing (personal) sensitive information.

Today we pay for data storage on the O drive according to the quantity we had in 2022 + whatever may have been added since. ERDA and SIF are (for now) free to use. However, remember to think sustainably: Regularly clean up files so that you only keep the data that is relevant and will be used.

It has been decided, for the sake of the PhD students and copyright, that we must always refer to the PhD student if someone requests a copy of the PhD defence.

Even if there is a lending permit that gives AU permission to e.g. send the PhD thesis per mail, we must not do it.

Aarhus University uses Ouriginal (formerly Urkund) for the screening of exam assignments. The screening of texts is carried out in order to detect any plagiarism in texts.

Ouriginal is integrated into the WISEFLOW exam system. Please find Ouriginals own short guide on how to read an analysis here.

AU Library provides support in relation to the use of the system and is also an active participant in preventing plagiarism at Aarhus University.

Morten is our contact librarian at the Department of Geoscience and can be contacted via e-mail.

Regarding Open Access agreements with publishers

• Unfortunately Emeriti are not part of the agreements. A possible solution is to cooperate with a permanent employee which can act as the corresponding author. 
• In January 2025 we expect to launch Journal Finder that will make it possible to search for journals in all the agreements at the same time - instead of (as today) having to search each publisher website.

Purchase of physical books

• The library is happy to look into purchasing physical books if you know of a book that you think should be part of the collection.
• Also, if you want us to have certain books available for the students at the library in connection with their studies.
• Please be aware that we purchase on government contracts, and it can therefore sometimes take a long time from finalizing the order to receiving the book at the library.
• If you want a book for the library, you can either contact Morten directly (mhga@kb.dk), or fill out this form.

Information about copyrights when using pictures:

• Researcher
• Teacher

The Christmas holidays are just around the corner and we remind you of the Department of Geoscience's e-mail and calendar policy, here are a few excerpts:

E-mail

Use e-mail as a form of communication when:

• Communication cannot be arranged in person or by phone call.
• There is a need to store information, e.g. as documentation.

Consider which recipient are relevant.

As far as possible, only send e-mails within normal working hours, replies cannot be expected outside of normal working hours.

Avoid sending e-mails to people you know (or can see in Outlook) are absent due to vacation or other. One option is to use the "delayed delivery" function (the procedure is described in more detail in the document).

Remember that there may be requirements for journalizing e-mails in Workzone.

Calendar

Keep your calendar updated because:

• Meeting planning must be able to take place efficiently.
• Others must be able to search for information about whether you are present or not.

When you are not present

• Use an appropriate auto-reply on your email.
• Block your own (and not other people's) calendar for all types of absence.
• Consider students, delivery people and others who do not have access to Outlook: put a note on your door saying when you are expected to return.

From AU:

What is an IT Travel Kit?

An IT Travel Kit is a set of IT equipment specially designed for business trips to countries with a high security risk. The kit includes a laptop and a mobile phone, both configured to protect AU data from unauthorized access.

The provisional procedure for lending travel kits at Nat-Tech IT will look like this:

The user applies in the Support system Cherwell that they want to borrow a computer for travel to high-risk countries at least 2 weeks prior to departure.

You will be sent the following message (Danish or English depending on the user's language) incl. a link for booking an appointment:

1. The Windows computer comes with VPN & Office applications installed (Word, PowerPoint, Excel), but not Outlook - this must be accessed through Webmail.au.dk to support MFA (two-step verification). Please note that you will not have administrator rights on the computer, so if you think you need special software during the trip, please inform us of this. If you need to write to the USB drive from the computer, it must be encrypted with Bitlocker.

2. Regarding smartphones, you have the option to choose between Android and iOS. However, it is important to note that only Android devices can be used to access corporate data such as Outlook. Please note that you must log out of apps that access AU data on your private mobile if you bring this with you on trips to high-risk countries.

To avoid bringing unnecessary and potentially vulnerable data with you and to possibly spyware pursues you afterwards, it is a requirement that you create a "burner" appleID/google account (depending on smartphone choice), which you create for the trip and delete afterwards.

Please also read about business trips to high-risk countries: Rules for business trips in connection with your work | Aarhus Universitet

Let us know about programs and smartphone choices, and whether you have any other questions about IT equipment on the journey.

NB: Please book an appointment in advance to collect the equipment, so that you have time to test and become familiar with the computer. The initial setup may take some time.

From AU:

Hacking attempts, espionage and data theft. Universities face many cyber threats, which is why AU is stepping up its cybersecurity efforts with a four-year programme that includes seven focus areas. One of them involves fostering a culture of cybersecurity at the university.

Between now and 2027, AU will ramp up its cybersecurity efforts with a four-year programme and a range of initiatives across all faculties and administrative units. The first initiatives will be launched in May.

The Danish Centre for Cyber Security has assessed the cyberthreat against Denmark as very high, and universities are recognised as prime targets for cyber criminals – research and data are valuable and can be used for harmful purposes if they fall into the wrong hands.

The seven focus areas, which have now been approved by the senior management team, are designed to reduce the risk of serious cyberattacks against the university. They include both technical and organisational measures as well as the recommendation to promote a culture of cybersecurity among staff and students.

Cybersecurity is about technology and behaviour

Deputy director for AU IT, Peter Bruun, emphasises that all members of staff have to play their part to ensure a high level of information security at AU.

“From an IT point of view, we can do a lot to secure AU’s systems and fortify our processes to protect the university against cyberattacks. But cybersecurity is not something we can achieve in the IT department alone. If we want to improve our cybersecurity, we need to make it an integral part of our work processes and have a clear sense of how we can all play a role. Fostering a culture of cybersecurity at the university is therefore one of the central initiatives in this new programme, and it involves everything from how we process data to how we manage our passwords and how we open files,” says Peter Bruun.

The programme will be led by a steering committee made up of representatives from all five faculties, AU IT, AU Student Administration and Services, and AU Research – and the initiatives in the programme will range from specific projects to the ongoing administration of AU systems.

Each focus area will be scheduled and organised independently.

Risk statements as a management tool

The focus areas have been selected based on a number of risk statements, which have been discussed and approved by the senior management team and approved by the AU Board. These risk statements define the university’s risk tolerance level and describe how security should be balanced against other factors, such as the freedom to use IT equipment to conduct research. University Director Kristian Thorn explains that the risk statements will act as a management tool for the focus areas.

“The risk statements help to describe AU’s risk tolerance level based on some very specific scenarios that include several factors we have to balance, such as academic freedom, which we value highly. AU will have to allocate more resources to IT security in the coming years, both at the academic departments and in the administration, so it’s vital that our expenditure and measures reflect the consequences of the risks we’re facing,” he says.

From May this year, management representatives from the departments and schools, research areas and administrative divisions will be invited to take part in introductory meetings, where the information security department at AU will explain more about risk tolerance and risk statements and recommend ways to manage the programme’s initiatives to increase cybersecurity in practice.

From May 2024, management representatives for institutes, research centers and deputy director areas will be offered introductory meetings. Here, the Information Security Department at AU will elaborate on the meaning of risk tolerance and risk statements and introduce how to work with management of efforts for increased cyber security in practice.

Geoscience head of department, the department's FISU member (Thomas Mejer Hansen) and Charlotte as chairperson of the Geoscience IT committee will participate in the faculty's workshop on managing cyber security locally at NAT.

From AU:

The new unit in AU Research will provide support for handling research data in the broadest sense.

The Research Data Office will initially be responsible for the administrative support of the following areas:

• Data Protection (GDPR)
• Open science (including research data management, open access and ERDA/SIF)
• URIS (including rules for export control and dual use)
• HPC Resources (help for applying for access via DeiC)

In addition, the unit handles the special functions such as DPO (data protection advisor) and Authorized Official (signs cooperation agreements with US licensors).

During the weekend of 1 and 2 February 2025 AU IT systems and possibly other services are stopped temporarily due to planned maintenance:

Future service windows can be found at https://serviceinfo.au.dk in the menu Service windows.

Use the service portal to create new IT cases or follow the progress of ongoing cases.

Use phone 87 15 40 10 for acute IT-emergencies.

Opening hours for showing up in the IT helpdesk and for calling can be found at the NAT-TECH IT website.

We currently do not have Onsite IT support at the department.

Geoscience IT committee (including newsletters)

Geoscience IT pages (including policy for using e-mail and calendar)

AU IT (general service and support pages, with contact info)

Serviceportal (follow or comment on your IT cases)

Service information (messages about acute IT incidents or scheduled maintenance)

AU IT webshop (IT procurement, requires AU network)

AU IT security (including information about GDPR, phishing, data storage etc.)