Lost or stolen device assessment

Mobile devices are more prevalent in our lives than ever before. Ensure you’re not introducing additional risk alongside improved mobility.

When these devices are lost or stolen, it is vital that this doesn’t present a risk of data loss or unauthorised access to your network and data.

This service is a test to determine how much information can be gained from a lost device.

This ranges from almost nothing (which is unusual for laptops in particular) right up to all the information held locally, including details to achieve remote access to a company’s internal infrastructure.

A lost or stolen device assessment is usually based on everything in a typical laptop bag, including all the information that would be found alongside the laptop.

The scope is something that can be discussed over a review call and tailored to each client’s requirements.

The best test is to simulate a real-world scenario, rather than to analyse a laptop that has been separated from its owner, had its post-it notes removed, notebooks retained and anything else which would aid an attacker is trying to gain access to the device, network and data.

Smartphones and tablets usually present less risk than a laptop if properly secured but we check that the right configurations are in place.

Analysis and exploitation

As the assessment commences, analysing the findings and attempts made, where safe and permitted, to exploit any vulnerabilities discovered.

If access is gained to the device, attempts may be made to access key systems on the internal network, over a VPN or any other discovered remote access gateway, using stored credentials.

Lost or stolen device assessment overview

The following are assessed in this exercise:

  • Insecure storage or recording of passwords
  • Cached or unlocked credentials
  • Missing security patches
  • Boot process analysis
  • Device/disk encryption
  • Password brute force attack/weak password policies
  • Sensitive data disclosure
  • Information leakage
  • Local security policy circumvention
  • Multi-Factor Authentication (MFA)
  • Mobile Device Management (MDM)

Discover how we’ve helped leading organisations

READ OUR CASE STUDIES

RECENT UPDATES

TIPS

Is bringing your own device to work a bad idea?

As ‘Bring Your Own Device’ or BYOD rises in popularity, with more than two-thirds of us using a personal device at work, it’s important for businesses to understand the security risk that this can pose.

TIPS

What is attack path management?

In a world where identities are the new security perimeter, compromising identity platforms like AD and AAD provides the greatest payoff for attackers, ultimately giving them control of all users, systems and data within the organisation.

TIPS

.ZIP domain registration: A risky gateway to nefarious outcomes

In the ever-evolving world of cybersecurity, understanding emerging threats is critical to maintaining a robust defence. One trend currently attracting attention is the registration of .ZIP domains.

Let’s make things happen

Fill in the form and one of our team will be in touch for a no-obligation discussion or quote regarding your requirements.

info@cognisys.co.uk
Leeds office

5 Park Place
Leeds
LS1 2RU

info@cognisys.co.uk
Manchester office

The Sharp Project
Thorpe Road
Manchester
M40 5BJ

LET’S TALK