Case Study Two:

The Campaign

Summary:

A campaign manager came to TSG wanting to implement The DNC's Device and Account Security Checklist, with their campaign staff.

The Challenges:

• Train staff on basic password hygiene and implement use of a password manager.

• Train staff and implement us of Multi-Factor Authentication (MFA) on all accounts.

• Secure web browsers, laptops and mobile devices.

Stage 1 - Password Management & MFA

Working with the clients schedule, hybrid onsite and remote training was set for the entire campaign, covering the use of an independently security audited password manager and Multi-Factor Authentication application.

For efficiency, these two steps can be do at the same time.

Stage 2 - Secure Web Browsers

In the next stage, campaign staff was trained to replicate the web browser settings per the campaign’s security needs.

This step makes every browser on a campaign computer identical regarding security settings, extensions and bookmarks.

Stage 3 - Data At Rest

Campaign staff was trained on the encryption and use of USB and internal hard drives.

With these drives encrypted, sensitive documents are protected even in the event the device is lost or stolen.

Stage 4: Secure Mobile Devices

For general staff, training covered hardening security and account settings, review of applications and instillation and use of encrypted communication applications.

For executive staff and the candidate, all mobile devices were replaced with anonymous, multi line devices, with redundant encrypted communication applications.

This step not only mitigates the tracking of executive staff cell phones, but also protects their person contact information.

The Results:

Within a short time, the campaign was able to quickly and fully implement the DNC cybersecurity recommendations, and add additional protection for the candidate from common threats in the current political environment.

With accounts and communications secure, the campaign is able to focus on their tasks and goals.

Remote and secure communication allow timely responses to the challenges faced by a modern political campaign.

Summary:

attention from the press and their CEO was contacted on their personal cell phone by reporters and at their home in a secure gated community.

The Challenges:

• To remove or mask as much of information as possible regarding the executive family and limit online exposure.

• To determine the extent of exposure.

• Institute both short and long term solutions to address the level of exposure.

• To monitor and set a process for reassessments and updates

Stage 1 - Determine the Extent of Exposure

Working with the client, TSG identified the threat level and initiated a digital information sweep of the client, spouse, children and in this case the extended family.

The sweep detailed the extent of the exposure, and the team documented the findings for use in the next stage.

Stage 3 - Reassessment

Once the initial stages were done, TSG worked with the client to re-examine data exposure on a quarterly or semi-annually basis. This includes an information sweep to look for new or repopulated personal data.

The Results:

TSG was able to remove the client’s and their family’s personal information and is working to insure no new exposure.

This service varies from client to client, but the value in knowing these precautions have been put in place to help protect their families is without measure.

Note: This is a process and does take time. We suggest it be started before the initial campaign is underway, as this data has been compiled over years, it takes time to remove it effectively.

Service Summary Downloads

Stage 2 - Data Removal

This stage has several steps:

• The team reached out to digital online data bases individually to request removal of the clients existing data.

• Detailed methods with client to keep new data from being created.

• Anonymized and secured communication platforms.

• Removed home and vehicle data from publicly available data bases.