Over the last couple of weeks, we have been working on a case where a law firm, our client, needed security implemented for one of their clients involved in a litigation case spanning several jurisdictions – the case has been ongoing for some time. During that time, the key individual has been subjected to threats, intimidation, blackmail and multiple hacking attempts.
Initially, our involvement in the case started as a request for ‘secure mobile devices.’ However, our involvement quickly evolved once we became aware of the issues that were far more serious than initially briefed. As we’ve stated in previous posts, with the boom in technology, it’s not just about protecting the ‘spoken word,’ – that’s just one security layer, and you need to ensure all the other layers are secure, be it cyber or physical. If one layer is weak it will impact the others and make them vulnerable.
After thoroughly defining the issues, we identified and procured the best secure mobile solution for the client to allow him to communicate confidently with several of his colleagues. The devices were not only hardware encrypted but were also software encrypted, ensuring that everything on the device was secure as it could be and all data leaving the device was also encrypted – which in turn lowers the risk of data exfiltration if the handset was physically attacked or via a man-in-the-middle attack. Of course, nothing is 100% secure; however, with these phones now being utilised with a robust user protocol, it certainly lowers the client’s risk.
We also procured and set up several other items for the client, including a secure laptop. In addition, a TSCM inspection was carried out of the client’s office/residence, and all his devices were checked for comprise. The residences physical security was also reviewed, highlighting several vulnerabilities requiring the main access point to be upgraded and CCTV installed. We also provided the client with one of our ‘travel kits’ – these enable the client to carry out basic compromise checks (post-training) in places such as hotels.
This case is an excellent example of needing to understand and assess a problem thoroughly. Yes, we could have just provided the client with secure mobiles and left it at that. However, mobiles were only part of the bigger-picture solution. With them in place, multiple avenues were still available to a determined individual/group to target and attack our client. They all needed to be assessed and, where necessary, hardened – it all comes back to not forgetting the basics and ensuring all the layers of security are considered and hardened; the criminal will look for the weakest area and attack it.
Have a great weekend all
#SecureMobileDevices #CyberSecurity #TSCM #PhysicalSecurity #CCTV #LitigationSupport