In this blog post, we discus the complex challenge of proper data collection for executive protection – physical and cyber.
When it comes to monitoring assets through alternative methods such as public content, analysts need to create a layered approach to data collection that scales and is “future proof.” Without this approach and level of data coverage, you run the risk acquiring noisy data that has no correlation to your protectee or you’ll end up with something far worse than poor coverage – blind spots with a false sense of security. Using a logical design of DigitalStakeout Scout folders and monitors, apply this data collection approach for any individual you want to setup for protection.
The 5 Essential Steps You Have to Cover in Scout for Executive Protection
1. Monitor for Personal Information (PII) & Unique Identifiers
The most attributable information about your protectee is PII. You should always make mentions of your protectee’s known email addresses; phone numbers and physical addresses a priority to detect and take down. Depending on the breath and depth of the security requirements, you may also want to add other public record identifiers that can be directly attributable to your protectee. One simple example of such an identifier would be the tail number of a jet. To setup monitoring for PII, add all those items into a Person Monitor in Scout. The Person monitor will cover all supported sources across the surface web, public social media, deep web and dark web DigitalStakeout supports.
2. Monitor by Screen Name and Nickname
In many cases, online posts (engagement) will be mentioned by screen name and not by your protectee’s actual name. Build an inventory of all the known digital assets your protectee has on social media. Focus on common social networks such as Twitter, Facebook, Instagram and work on less common properties. Use Canvass to run the screen names to assure you have a full inventory of social media properties associated to your protectee across 750+ common social media sites. Once you have a full inventory of screen names, add those unique screen names to a Person Monitor in Scout.
3. Monitor by Social Application
Once you have an inventory of social media properties, integrate the applicable social media properties with Application monitors. With this tight integration, you have real-time visibility into your protectee’s Facebook Public Page or Twitter mentions and replies to your protectee’s social media posts. Make sure you follow DigitalStakeout documentation and the rules for Application monitors.
4. Monitor by Place & Location
In many cases, monitoring social media by location provides the necessary context to focus on a small geographic area where your protectee is present. While location-based social media posts will only be a small percentage of posts of all available posts, they can provide valuable insight to a variety of risk events. You’ll be able to filter mentions of your protectee inside the location to reduce noise inside the geo-fence. Using Location Monitors, setup geofences over the locations where a pattern of life can be established or any place your security requirements warrant monitoring. The locations you setup should be properties associated to your protectee by personal ownership or organizational ownership.
5. Monitor by Brand, Product and Topic (Configure Once)
As we described in steps 1-4, you now have to repeat the same steps for each major company name, brand and product name, hashtags and topics that are affiliated with your protectee. This will allow for a complete and thorough view of the organization’s footprint. Once you have the organization footprint established for your first protectee, you then can add and augment as needed for other protectees.
“Domain Specific” Coverage is Essential to an Executive Protection Design
As we’ve described, there are many steps required to setup complete visibility for threat monitoring for just one protectee. If you need assistance from our team, please contact us and our services team can design, configure and test to your specific needs. If you deploying on your own, understand that without this level of thorough coverage over a multitude of data channels and specific sources, you will run the risk of being blind-sided by a risk event, be unaware of an exposure or lack the data visibility to properly acquire situational awareness pertaining to physical and cyber threats.
Whether you are using DigitalStakeout Scout to perform this activity or you are evaluating solutions for this type of protection, it’s very important for you to have a very clear understanding of what data is truly being evaluated for detecting threats. You must be able to lay eyes on the raw underlying data that is the basis for threat protection and risk analysis.