The Hero of the Story:
CISO
CISO for Pharmaceutical Company
14 Person Executive Team using Personal Devices for Work
Growing Cyber Risk Targeting Intellectual Property
The Problem
CISO was struggling with executives using personal devices for company work, leading to cases of identity theft and more.
Executives were pushing back on the company extending protection into their home and on personal devices.
Intellectual property and company data was leaking outside the company controls.
Shortly after starting the new digital executive protection project, the executive team was compromised with identity theft.
The CISO needed to protect the executives
to protect the company
BlackCloak’s
Guidance
We developed an actionable, four-step plan to help the CISO get buy-in from the executive team and enhance the company’s security posture.
Buy-in
Garner buy-in from the executive team for a digital, personal executive protection program that meets corporate standards for cybersecurity — while at the same time, overcoming their objections of giving up control of their own devices and their privacy.
Implementation
- Put a holistic program in place that secures the company through:
- Hardening privacy on all personal devices and accounts to prevent social engineering.
- Protecting personal devices
of executive team. - Identifying and remediating vulnerabilities on home networks.
Roll-out
Roll new program out with quick, efficient meetings to ensure executives are not taken offline or away from work for unnecessary periods of time.
Remediation
Remediate the new, recent identity theft issues.
Putting the Plan into Action
The CISO accelerated the project schedule and immediately got all 14 executives onboarded with BlackCloak. As a result, we immediately guided the executive team on how to report the identity theft and file fraud alerts, and implement credit freezes to protect their credit and identity, sparing the CISO from this role. The CISO worked with BlackCloak to roll-out the larger project, which included:
Internet Data Broker Removal to prevent social engineering of executives to get at corporate infrastructure
Protect Executives’ Personal Mobile Devices and Computers to detect and remediate malware and other vulnerabilities that could expose corporate intellectual property
Weekly Home Network Scans to determine vulnerabilities on router, in home automation systems and in security camera systems
With BlackCloak’s guidance, the CISO made the program roll-out as frictionless as possible, creating short onboarding meetings to empower executives with total control over their accounts and their program participation.
The Results
Secured devices, remediated threats, protected company
The CISO took control of their security and protected the entire company as a result. With help from BlackCloak, they stopped the bleeding of identity theft quickly without draining the company’s resources. They helped remove data broker information, change exposed passwords, and put credit monitoring in place. Now, executive personal mobile devices and computers have BlackCloak installed and existing malware has been remediated. Home network scans have been completed and vulnerabilities have been patched. Because the identity theft was remediated immediately, the risks of having to file disclosures with the SEC or announce publicly have been mitigated. The CISO didn’t only protect the company, they earned the appreciation of the entire executive team without invading their personal lives or removing their control.
