This newsletter contains relevant information for all staff, for instance GDPR rules, IT security and IT procurement. Furthermore we use the newsletter to collect IT news or information regarding IT changes from AU, NAT-TECH IT, AU IT and other sources.

If you have information or IT tips which are relevant for future IT newsletters please contact Charlotte.

Thomas Lund Hansen, Thomas Ulrich og Charlotte Rasmussen will visit all offices before the end of 2021 with the following focus:

• Mini-workplace assessment related to the office change for HGG (among others ergonomy, noise, etc.)
• GDPR and IT security, where we ask some questions

There is a need to focus more on IT security based on external threats. Here are 8 tips to improve IT security:

1. Be aware of the threat and the methods used (espionage etc.)
2. Assess the value of your reasearch (consider which data and information you cannot afford to loose?)
3. Set the framework for foreign visitors (as an example it is better for the guest to bring his or her own computer, instead of borrowing a local machine)
4. Be careful when travelling (in general, you are more exposed to theft, cyber threats etc. abroad, when using Wi-Fi etc.)
5. Focus on your IT security (do not click on attached files or links if you do not know whether or not to trust the source, do not USB sticks unless you trust the person who provided them)
6. Focus on physical security (your ID card should be visible when you are at work on campus)
7. Be careful, particularly when someone requests (personal) information which you should not share
8. Report if you believe that IT security has been compromised

Read more about the individual bullets in the file from PET: Is your research at risk?

If you have questions regarding information security (or have noticed a security breach at Aarhus University) you should contact the Information Security Unit.

Always make sure that the physical security surrounding your computer (and additional hardware) is optimal: 

• Lock your computer when you leave it (on Windows machines this is easily done using the [Windows key] + [L]).
• Never provide your personal AU-ID (or password) to anyone, also not staff from AU IT.
• When logged on to your computer and briefly leaving it, do not let others use your profile.
• Do not let others install software on your personal computer or lab machines. Regular users should not have administrator rights on computers that are shared by many.
• Change your password regularly (not only for different systems but also your main AU-ID profile).
• Make sure to save your files in OneDrive or the O-drive to ensure that you have a backup and an option to fast and safely restore files.

On some lab computers you may not add additional USB-equipment since this may disrupt the port-configuration and stop communication to the analytical equipment.

Read more at: https://medarbejdere.au.dk/en/informationsecurity/

Ransomware, spyware, unwanted encryption of discs, extraction of sensitive personal data etc. are conditions we all need to be very aware of. It is not necessarily "only" yor computer and your data that is affected. Often malware spreds to other machines or the entire network.

International guests may unintentionally carry software and vira from their home institution. You can also unknowingly pick up something and bring back home, if you visit foreign institutions. Remember the following:

• Do not use USB sticks, especially if they belong to others (eg. guests) to transfer data between computers: Do not share USB sticks, CDs or external discs with other people. Choose to transfer electronically (through e-mail, shares, online file-sharing etc.). 
• A single visit to a website may be enough: Be careful with online links that you do not trust, or pages that look suspicious.
• Avoid free applications from the internet: It often contains unwanted elements such as spyware. Spyware can either intercept sensitive personal information or monitor your behavior, which will influence the performance of your machine (it works slower, whereby network usage typically feels much slower).

The Department of Geoscience is currently setting up a general SharePoint website to be used by the entire department. Here files can easily be shared in a document library. SharePoint has the following benefits:

• Files can be edited at the same time by different users
• Access can be controlled

We provide access to all staff from the get-go.

Starting in September AU IT will roll out DMARC, a new technical solution to mitigate spoofing attacks against staff. DMARC will ensure that fraudulent emails from senders claiming to be from Aarhus University are rejected before ever reaching your inbox.

During the implementation phase, for a brief period you will need to pay extra attention to whether emails end up in your spam filter by mistake. Until the solution has been fully implemented, the system may reject genuine emails if they have been sent from a system. For example, newsletters and confirmation emails from booking systems.

DMARC only protects your inbox against fraudulent emails that claim to be from Aarhus University. You still have to keep an eye out for any signs of spoofing from other organisations and companies, as well as for phishing emails in general.

Contact IT support if you have any questions.

FACTS

• Spoofing is fake e-mails in which the sender pretends to be from an organisation you know. Spoofing is related to phishing. Click here to read about the typical characteristics of phishing emails.
• DMARC stands for Domain-based Message Authentification, Reporting and Confirmation, and it is an email authentication system.
• This protects an organisation’s domain against spoofing, phishing and other cyber attacks, for example.
• DMARC is based on the widely used verification techniques SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail).
• DMARC is recommended by the Centre for Cyber Security (CFCS).

LAN cables are often moved in the computer-room. If you temporarily change a cable, please reinsert the LAN cable into the correct port when you are finished.

There has been episodes where the nearest emergency doors to the computer-room are being used (maybe during breaks?): You may not use emergency exits during the day to enter or depart the building, it is only meant to be opened for emergency situations.

AU’s Data Protection Unit has developed a new website on GDPR guidelines for researchers who process personal data in their research.

The website, which is updated regularly, was launched shortly before the summer holiday. Researchers should consult it for information on what procedures they must follow in order to comply with the General Data Protection Regulation: The website contains general guidelines that are applicable to researchers at the entire university.

Brightspace has replaced Blackboard as AU’s learning platform and on 31 October 2021, Blackboard will be shut down for good. You need to download any course content and evaluation reports from Blackboard you want to save before that. Find information on how to do so here.

From October 2021 Pradip Kumar will join the IT committee.

The committee consits of the following members:

• Charlotte Rasmussen (chair)
• Thomas Lund Hansen
• Pradip Kumar

We encourage everyone to provide input: Contact any of us if you experience IT problems, or you require a specific subject to be discussed within the IT committee.

Use the service portal to create new IT cases or follow the progress on ongoing cases.

Use phone 87 15 40 10 for acute IT-emergencies.

Opening hours for showing up in the IT helpdesk and for calling can be found at the NAT-TECH IT website.

Daniel Gjerluf Knudsen is starting as the dedicated IT supporter for Geoscience. For now, we will not have a weekly onsite visit: Physical onsite visits to Geoscience can be arranged individually with IT support.

Geoscience IT committee (including newsletters)

Geoscience IT webpages (including policy for using e-mail and calendar)

AU IT (general service and support pages, with contact-info)

Service portal (follow or comment on your IT cases)

Service information (messages about acute incidents or scheduled maintenance)

AU IT webshop (IT procurement, requires AU network)

AU IT security (including information about GDPR, phishing, data storage etc.)