An employee within the IT Department of a financial services firm was overheard discussing a very sensitive program, only known to the Executive Team, in the break room by the Executive Assistant of the CEO. The discussion also revealed that this employee had also recently begun working unusual hours coming in very early or returning to the office late in the evening.
Red Five was brought in to conduct a Cyber Audit and Technology Review (CATR) as well as an overnight Technical Surveillance Countermeasure (TSCM) sweep. A CATR was done to assess the cyber security posture of the C-Suite’s networks and devices which revealed nothing unusual. The TSCM sweep of the Executive office space and conference rooms uncovered a small recording device readily available online in the drop ceiling above the CEO’s desk. The device was analyzed, and subsequently an interview of the employee ensued at which time the employee admitted placing the device and was ultimately terminated.
Red Five’s final report included recommendations to ensure the privacy of the C-Suite. These included making sure the C-Suite’s offices remained properly secured when not in use, that the areas above the drop ceilings be partitioned to prevent the placement of transmitting devices from outside the rooms and that TSCM sweeps of the Executives Office space be conducted quarterly.