Information Security Presentation for Remote Workers:   In response to the threat of coronavirus (COVID-19), most if not all organizations have dispersed their workforce and have authorized their staff to work from home.  In these uncertain times our colleagues and their families remain focused on their personal and family safety against the threat of coronavirus.  Meanwhile their vigilance in securing the platforms they use, their personal information, and our organization may or may not be up to the task.  From video streaming, use of Zoom meetings and other collaboration tools, from sending and receiving organization emails, to our use of the internet, we need to remain just as focused on IT safety and security at home, as we would be in the office. 

Key deliverables included in this training will include:

• Compromises of web-based conferencing tools e.g. “Zoombomb”
• Hijacking of web cams
• Infiltrations and unauthorized access to sensitive information
• Brand and Reputation attacks
• Malware attacks
• Phishing themed “coronavirus” emails or scams targeting remote workers

Each bullet point below will be explored in detail during the presentation:

• Understand the threats
• Reduce the “Attack Surface” through systematic and disciplined mitigation efforts
• Practice better information security
• Deploy and implement technical countermeasures
• Recognize and report incidents
• Investigate incidents at organizational level

Senior Leadership Web Presence Assessment:  Our analysts develop a detailed Protective Intelligence Brief  which inventories content scraped from:

• Main-stream and non-traditional media, news and social media platforms
• Surface web content (generated by search engine results)
• Deep and dark web sourcing

Key deliverables included in the Web Presence Assessment:

• Content from historical search engine results in Arabic, Chinese, English, and Russian 
• Social media mentions as well as data disclosures in paste bin and dox bin sites
• Results of image sharing platforms, deep web repositories and dark website queries

Digital Privacy Workshop:  Offered to individual executives, senior leadership teams, and groups of employees and volunteers; these vital workshops increase the privacy, safety, and security of attendees by increasing digital privacy awareness.  Personal Concierge Service is available for executives and their family members.

Key deliverables include:

• An Information Privacy and Security presentation that explains methods and extent of the collection of sensitive personal data
• Hands-on workshops that enhance attendee online privacy and security before they walk out the door
• Digital security aware employees which understand:
  • The threats posed at work and at home by the wide-spread presence of their Personally Identifiable Information (PII) on the internet
  • How to manage and configure end-of-line devices to reduce information security vulnerabilities and data leakage arising from uninformed use of communications platforms, social media and other popular applications and poorly maintained cell phones and smart devices

Personally Identifiable Information Identification and Removal Services:  This two-phase process identifies the presence of an Executive’s Personally Identifiable Information (PII) available on the internet, then follows a structured proprietary process to remove the identified content.  Adversaries, opposition media, and unstable persons can use PII on its own or with other information to identify, contact, or locate a person.  In extreme cases, executives targeted using PII become the focus of doxing, swatting, and other attacks designed to cause harassment, intimidation, or harm.  Because of the nature of PII disclosures, potential harm (such as doxing or swatting) is most likely to manifest at the executive’s home.

Phase I deliverables include:

• An exhaustive search of the internet using four search engines and a deep website database
• A comprehensive, searchable listing of PII availability on over 500 data broker sites. The second phase removes the identified content from these data brokers websites and search engine results.

Phase II deliverables include:

• Removal of identified PII content from data broker websites and search engine results
• Periodic monitoring for six months from completion of the deletion process 

PII Surface Identification and Removal Workshops:  These workshops function as a guide to creating a “Self-help PII Identification and Removal Program.” As opposed to a highly detailed Identification and Removal Service performed by a seasoned protective intelligence professional, these workshops teach staff and team members how to:

• Assess the availability of their PII on the surface web (search engine results)
• Use self-help processes to remove their PII from major data warehouses most widely available and most likely to cause a compromise 

Alt-Right - White Hate Database:  This unprecedented database provides our team with the ability to search over 350 white nationalist and white supremacy-related websites, blogs, and forums. Using a proprietary technique, our protective intelligence team inventoried virtually every white hate site used by extremists to share information and inspire new and existing white supremacists. This data set is the most in-depth in the industry.  Clients can benefit from this unparalleled tool in several ways:

1. Existing Mentions Report:  On demand, our analysts can query this  one-of-a-kind data set for white supremacy content that mentions the organization, its programmatic activity, organizational ideology, as well as running name searches for organizational leaders and staff.
2. Incident Response and Periodic Updates:  At regular intervals, or in response to new threats or other stimuli, our analysts can query the most complete white supremacy digital universe for white hate responses or new extremist      content.
3. On-going Monitoring:  Based on need or client appetite for peace of mind, our analysts can run daily, weekly, or monthly reports containing all mentions of the client, its operations, its leaders and  staff.

Key deliverables include:

• Detailed results of each inquiry provided in a searchable .pdf report.
• On-demand analysis of the content including threat analysis and recommended mitigation strategies by:
  • Specific incidents or periodic inquiries
  • Individual staff member or leader
  • Organization or program