CYBERSECURITY

As drivers of world-leading innovation, technology is at the heart of everything we do. Cybersecurity is how we protect our technology from unauthorized access and compromise.

AS A COMPANY, WE ARE COMMITTED TO:

• Maintaining the highest standards of cybersecurity, in line with all applicable national and sector-specific regulations, as well as relevant international standards and leading practices
• Creating a cyber-secure environment by putting in place security measures that reduce the risk of a successful cyberattack on us and provide a coordinated response to any incidents
• Empowering NEOM representatives to uphold our cybersecurity standards by raising their awareness of relevant threats and how these can be prevented
• Requiring third-party suppliers to provide reasonable assurance of their ability to adhere to our relevant cybersecurity requirements
• Embedding cybersecurity into our entire service life cycle to ensure that compliance is continuous

AS NEOM REPRESENTATIVES, WE EXPECT YOU TO:

• Beware of phishing and other kinds of ‘social engineering’ designed to trick you into making cybersecurity mistakes, for example by clicking on links or opening attachments from seemingly legitimate sources
• Use appropriate password protection for any files containing sensitive business data, ensuring passwords are secure and regularly updated in line with the guidance set out in our password policy
• Avoid sending external emails containing confidential or sensitive information, and never use cloud storage services to store, alter or exchange company information without the required permissions
• Install only approved software on NEOM devices and ensure the latest security updates are applied to any software being used on our system
• Understand that remote working brings additional cybersecurity challenges and follow all related guidance in our IT Policy when using NEOM devices off-site
• Never use personal email accounts to exchange company information with third parties or forward company related emails to a personal account
• Inform your line manager immediately if you encounter or suspect a cybersecurity breach

Protect your NEOM devices from any kind of physical theft or unauthorized access and report any related incidents to the Cybersecurity Department.

HYPOTEHTICAL SCENARIO: I’ve been working late a lot recently on a new project with some third-party contractors. It’s Thursday night and I’m finally about to leave for the weekend. All I need to do is send some project information to our external partners, so that they can review it first thing on Sunday morning – but the attachments are too big! My colleagues have already left and I’m eager to leave as well, but I can’t figure out how to make my attachments any smaller. Then I remember that my personal cloud storage account allows me to upload files and share them through a link, without the need for any attachments. Great! I’ll send the files that way, then get out of here. It’s the best thing I can do in the circumstances, right?

Wrong. As part of our cybersecurity controls, we never use cloud-based data storage services to upload or share company-related information. Your manager would rather have you do the right thing – if you are struggling to send the materials through our email system due to their size, you should wait for Cybersecurity Department support on Sunday rather than sending the attachments out of compliance with our procedures.

MORE INFORMATION AVAILABLE IN OUR:

• Cybersecurity Compliance Framework
• IT Policy
• Acceptable Usage Standard

However, you can also contact the Cybersecurity Department with any concerns or queries regarding our approach to cybersecurity, or the IT Department for other IT-related concerns or queries.