InfoSec Monthly Awareness: May 2020 – Insider Threats

We are InfoSec: Members of the Information Security Department at KAUST.

Our Mission: To enable you to be a Human Firewall by shielding yourself, your family, and KAUST from today’s cyber attacks.

Cyber attackers have developed sophisticated methods to guess or brute force passwords, and they are constantly getting better at it.

KAUST’s most important asset is its data. It is what drives our mission. Because of this, numerous adversaries and competitors may target our university. The most effective way for someone to compromise our data is through an insider.

An insider is a trusted individual who has ulterior motives against KAUST and its data. An insider can be anyone who works at KAUST, including employees and contractors or visitors on temporary assignment.

What makes an insider so dangerous is that they have trusted access to our information, assets, and resources. Compromising our highly confidential information can be as simple as copying critical data to a portable drive or emailing it out of KAUST.

Anyone in KAUST could be a potential insider.

If you see the following behavior, you should report it to your supervisor or our security team immediately:

  • Someone asking for access to information they know they are not authorized to access or someone asking you to bypass our policies or procedures.
  • Someone accessing, processing, or transmitting a large number of physical or electronic files out of KAUST when they are not working on any projects that require such information. For example, someone carrying out a large number of file boxes or uploading large amounts of data to a USB drive or an unofficial KAUST Cloud storage system.
  • Someone accessing systems remotely at strange hours or coming into the office when no one else is around or when they are not scheduled for work.
  • Someone trying to access an unauthorized account, such as a coworker’s computer or work account, or talking you into giving them access to data centers or other secure areas they are not authorized to access.
  • Someone who changes his or her behavior or work performance. For example, the person used to be a motivated employee, but now disregards work policies, shows up to work late, is falling behind on assignments, is withdrawing from or avoiding work interactions, or conversely, argues with supervisors or brags that they could cause harm to our organization.

In order to minimize the impact of an insider threat, please take the following steps to help protect yourself and KAUST:

  • Only give people access to data that you are responsible for and only when it is required for their job function. Access must be reviewed on a regular basis.
  • Store sensitive information in appropriate locations, such as a locking file cabinet or approved, encrypted drives, while using established processes. Only authorized people should have access to sensitive information.
  • Always lock your computer, workstation, or office, even if you will only be away for a short time.
  • Never share your password or access credentials with anyone, including your supervisor. If you ever share your password with someone, you will be responsible for their actions.

The insider threat is a real and ever-growing problem. You never know who could be causing harm to our organization, so always be on the lookout for suspicious behavior. If you ever have any concerns or questions, please contact the security team.

Now is the time to be a Human Firewall!

If you haven’t already done so, you can log on to humanfirewall.kaust.edu.sa and learn more by going through our eLearning courses.

You can also reach out to us to attend our monthly security awareness sessions to learn the latest tricks cyber attackers are using and how you can spot and defend against them.

KAUST Information Technology
We make IT happen!

it.kaust.edu.sa
