Case Studies & Resources
Case Studies
Case Study One:
Public Office Candidate
Summary:
A candidate for political office came to TSG with concerns about the ease of access to their online information. Access to their home address, phone numbers, private email addresses, spouse’s workplace and children’s school location was of concern given the current events.
The Challenges:
Determine the extent of exposure.
Remove or mask as much of information as possible regarding the candidate and family to limit online exposure.
Monitor and set a process for reassessments and updates.
Stage 2 - Data Removal
Stage 1 - Determine the Extent of Exposure
This stage had several steps:
The team reached out to digital online data bases individually to request removal of the clients existing data.
Detailed methods with client to keep new data from being created.
Anonymized and secured communication platforms.
Removed home and vehicle data from publicly available data bases.
Working with the client, we identified the threat level and initiated a digital information sweep of the client, spouse, children. It this case the extended family was included.
The sweep detailed the extent of the exposure and the team documented the findings for use in the next stage.
Stage 3 - Reassessment
Results:
TSG was able to remove the client’s and their family’s personal information and is working to insure no new exposure.
This service varies from client to client, but the value in knowing these precautions are in place to help protect their families is without measure.
Note: This is a process and does take time. We suggest it be started before the initial campaign is underway. This data has been compiled over years, does takes time to remove it effectively.
With the initial stages done, TSG worked with the client to re-examine data exposure. This is done on a quarterly or semi-annually basis.
A reassessment sweep will show any new or repopulated personal data.
Case Study Two:
The Campaign
Summary:
A campaign manager came to TSG wanting to implement The DNC's Device and Account Security Checklist, with their campaign staff.
The Challenges:
Train staff on basic password hygiene and implement use of a password manager.
Train staff and implement us of Multi-Factor Authentication (MFA) on all accounts.
Secure web browsers, laptops and mobile devices.
Stage 1 - Password Management & MFA
Working with the clients schedule, hybrid onsite and remote training was set for the entire campaign, covering the use of an independently security audited password manager and Multi-Factor Authentication application.
For efficiency, these two steps can be do at the same time.
Stage 2 - Secure Web Browsers
In the next stage, campaign staff was trained to replicate the web browser settings per the campaign’s security needs.
This step makes every browser on a campaign computer identical regarding security settings, extensions and bookmarks.
Stage 3 - Data At Rest
Campaign staff was trained on the encryption and use of USB and internal hard drives.
With these drives encrypted, sensitive documents are protected even in the event the device is lost or stolen.
Stage 4: Secure Mobile Devices
For general staff, training covered hardening security and account settings, review of applications and instillation and use of encrypted communication applications.
For executive staff and the candidate, all mobile devices were replaced with anonymous, multi line devices, with redundant encrypted communication applications.
This step not only mitigates the tracking of executive staff cell phones, but also protects their person contact information.
The Results:
Within a short time, the campaign was able to quickly and fully implement the DNC cybersecurity recommendations, and add additional protection for the candidate from common threats in the current political environment.
With accounts and communications secure, the campaign is able to focus on their tasks and goals.
Remote and secure communication allow timely responses to the challenges faced by a modern political campaign.
Case Study Three:
The CEO
Summary:
attention from the press and their CEO was contacted on their personal cell phone by reporters and at their home in a secure gated community.
The Challenges:
To remove or mask as much of information as possible regarding the executive family and limit online exposure.
To determine the extent of exposure.
Institute both short and long term solutions to address the level of exposure.
To monitor and set a process for reassessments and updates
Stage 1 - Determine the Extent of Exposure
Working with the client, TSG identified the threat level and initiated a digital information sweep of the client, spouse, children and in this case the extended family.
The sweep detailed the extent of the exposure, and the team documented the findings for use in the next stage.
Stage 3 - Reassessment
Once the initial stages were done, TSG worked with the client to re-examine data exposure on a quarterly or semi-annually basis. This includes an information sweep to look for new or repopulated personal data.
The Results:
TSG was able to remove the client’s and their family’s personal information and is working to insure no new exposure.
This service varies from client to client, but the value in knowing these precautions have been put in place to help protect their families is without measure.
Note: This is a process and does take time. We suggest it be started before the initial campaign is underway, as this data has been compiled over years, it takes time to remove it effectively.
Service Summary Downloads
Stage 2 - Data Removal
This stage has several steps:
The team reached out to digital online data bases individually to request removal of the clients existing data.
Detailed methods with client to keep new data from being created.
Anonymized and secured communication platforms.
Removed home and vehicle data from publicly available data bases.