Though not as common, physical attacks against our information can have a huge impact.
With ongoing advancements in the internet and related technologies, many of our security defenses focus on cyber attackers. We must continually remind ourselves not to forget the physical world.
Sometimes it may be easier for someone to simply walk into one of our facilities, search through our garbage cans, and physically steal information. Though physical attacks against our data may be less common or less expected, they can have a far greater impact when they do happen.
Cyber-attacks are the most common attacks against your data and KAUST; however, always be aware of possible physical attacks.
The following tips can help protect you and everyone else at KAUST against physical threats:
Disposing of Confidential Documents
One of the easiest ways for someone to steal confidential documents is to look in our garbage. By simply looking in our dumpsters, an attacker can find a treasure trove of sensitive documents. In fact, this attack has become so common that there is even a term used to describe it: dumpster diving. This is when a criminal (often at night or while pretending to be a janitor) searches through garbage to look for sensitive documents. Always ensure you dispose of all confidential documents in designated shred bins, which are designed for collecting and securely disposing of sensitive documents. This ensures the documents are shredded and destroyed.
You are your KAUST ID
Your KAUST ID gives you access to all the resources you need. In the wrong hands, this could be a risk. It is important to protect all ID badges, access cards, and keys, as they are valuable to an attacker. Only authorized personnel must be allowed access to KAUST facilities. If possible, wear your KAUST ID at all times and make sure it is visible. If you come across someone you haven’t seen before and are not sure if they belong in a facility, always report it to the authorities. Another common risk is when someone walks through a secured door behind you without using their ID badge. This is known as drafting or tailgating. Stop the person and explain to them that they are required to use their own ID badge for entry and exit, just as you are required to use yours. If they do not have an ID badge, escort them to the front desk or security so they can check in.
In addition, make sure that secured doors are kept closed and locked. Doors propped open even for a few minutes can allow criminals easy access to our facilities. Also report any doors or windows that do not close properly or have broken locks to physical security.
Secure Your Desk
Unfortunately, members of the KAUST Information Security Office cannot stop all the bad guys. Sometimes an attacker can bypass security measures and gain access to our building. They may pose as friendly strangers while on the lookout for confidential information on campus. To protect against these types of threats, always lock up any sensitive documents in a drawer or cabinet and make sure you lock your computer screen when you leave your desk for lunch or even a short break. When done with your work for the day, always make sure no sensitive documents or devices are left out in the open.
Protect Your Devices
You may not realize it, but one of the most common ways your data can be compromised is if your devices, such as laptops or smartphones, are lost or stolen. Always double-check your belongings and make sure you routinely check on your devices when traveling, such as when you go through airport security, check out of your hotel room, or leave a taxi or airplane. In addition, make sure all your devices have screen lock and device-wipe enabled. That way, if they are lost or stolen, attackers cannot access the data on the devices.
Pizza Delivery!
One of the simplest ways for an attacker to gain access to KAUST facilities is to pretend to be someone you might trust. For example, a criminal could enter our building pretending to be a pizza delivery person or the copier repair engineer. Since we regularly expect to see such people, we may not feel a need to make sure they have been checked by security. Attackers can even fool us into helping them by asking us to open a door for them or to answer questions they may have. Always beware of social engineering attacks.
Bear in mind that everyone in our building should have a KAUST identification badge, regardless of whether they are an employee, student, contractor, or visitor. If they do not have an identification badge, alert physical security personnel immediately by calling (+966) 012-808-0911.
To report incidents in relation to data security, email the Information Security Team at: askinfosec@kaust.edu.sa.
Be a Human Firewall!
KAUST Information Technology
it.kaust.edu.sa