CASE STUDIES
CASE STUDY 1
Baja Call Center, Tijuana, MX. (Images used with permission)
A large, well-known call center located in the heart of Tijuana, Baja North, Mexico; Baja Call Center was in search of a method to differentiate themselves against their competition in the call center industry and better position themselves to capture the business of clients in highly-regulated industries such as healthcare. As part of this effort, they identified the need to baseline their organization’s security posture against industry norms and begin the process of formalizing HIPAA and PCI compliance.
Baja Call Center contracted with Tier 1 MX to perform discovery and planning in conjunction with their internal IT department to begin implementations of changes to their internal technology, process, and legal direction with respect to security compliance.
In pursuit of this work, Tier 1 MX performed preliminary internal vulnerability assessments and external penetration testing; phishing as a service; dark web monitoring; contract, policy, and procedure reviews; creation of an Incident Response Plan (IRP) and Written Information Security Policies (WISP); conducted Tabletop Exercises with the new IRP; assisted the internal IT team in execution of mitigation; and then re-ran internal vulnerability assessments and external penetration tests a second time to measure effectiveness of said mitigations.
Overall, the work performed was a great success and ushered in a new era of improved security awareness and competence within the organization.
Baja Call Center is a great example of what a security-minded organization can achieve with a little bit of help from an outside security firm. Security isn’t a one and done proposition. It is an ongoing process, and we are grateful to be a part of BCC’s security journey.
If your organization is looking to capitalize on achieving in-roads to new industries that are highly regulated, reach out to Tier 1 MX today.
CASE STUDY 2
Unnamed Organization (Organization X), Baja North, Mexico
Through an internal audit, Organization X discovered potentially harmful and/or illegal network traffic traversing their internal network. The internal traffic was identified as TOR (The Onion Router) traffic; which is often associated with network traffic attributed to browsing the dark web. Upon further investigation, the network traffic was identified as coming from a company-issued device attributed to a user in the IT department who had administrator privileges. Furthermore, upon seizing the device, it was discovered that the unauthorized traffic caused by the device was caused by a TOR network server node being installed on the device; indicating that not only was the device browsing the dark web, but it was acting as a gateway for people not associated with the company to access the dark web using company resources.
These findings caused a significant amount of concern within the organization, considering the unauthorized activity put the company in potential jeopardy with the law, a potential rogue/malicious administrator, potential reputational damage, and potential damage to company resources from adversaries entering the company network via an unauthorized gateway. Furthermore, the hiring practices, policies and procedures of the company, and ability of the company to hold the employee accountable for the unauthorized activity was unclear. This was a situation which Organization X had never faced before.
Organization X contracted with Tier 1 MX to help clean up and lock down the network; improve policy, procedure, and contracts; and prevent further possibility of business/reputational damage due to unauthorized usage. A change in staff was instituted at the same time.
In pursuit of this work, Tier 1 MX performed preliminary internal vulnerability assessments and external penetration testing; phishing as a service; dark web monitoring; contract, policy, and procedure reviews; creation of an Incident Response Plan (IRP) and Written Information Security Policies (WISP); conducted Tabletop Exercises with the new IRP; assisted the internal IT team in execution of mitigation; and then re-ran internal vulnerability assessments and external penetration tests a second time to measure effectiveness of said mitigations.
Overall, the work performed was a great success and ushered in a new era of improved security awareness and competence within the organization.
Organization X is a great example of a potential disaster mitigated at just the right time with a little bit of help from an outside security firm. We are grateful to be a part of Organization X’s security journey.