Indispensable in the mobile workplace, smartphones, tablets and laptops allow your employees to be productive any place, any time. But if one of these devices is stolen, hackers have direct access to some of your most sensitive systems and data.
The Stolen Device Assessment will help you understand those risks, and how prepared you are to deal with them. Our consultants will simulate a cyberattack using a ‘stolen’ device, analysing the performance of your defences and processes in dealing with this all-too-common occurrence.
A stolen device is a security backdoor
Stolen devices make it simple for hackers to gain access to secure resources because the system is already trusted. Many use cached credentials to log in to the corporate network, giving attackers an instant foothold and reducing the time and effort required to break in.
Devices store data
Mobile devices typically store data locally, some of which may contain sensitive details. Stealing a device may provide hackers with access to valuable IP or expose personally identifiable information (PII) in breach of the GDPR.
Assess encryption and sandboxing provisions
Measures like disk encryption and app sandboxing can secure locally-stored data – if it has been deployed and maintained correctly. A stolen device assessment will investigate the efficacy of your data security measures.
Initial tests will focus on breaking into the stolen device itself. Our consultants will try to extract PII and other sensitive data directly from the local storage.
Cached credentials and passwords provide authorised access to your network. We will attempt recovery of these details from a ‘stolen’ device.
Using a ‘stolen’ device, our engineers will breach your network. Penetration testing allows you to assess how effective security provisions, and which data stores and applications are most at risk.
Mobile security planning
As well as exposing vulnerabilities in your existing mobile environment, our report will help you plan for the future. Our consultants will also help you plan the necessary safeguards to protect your network as it evolves and develops in future.
Penetration testing reveals your most sensitive network vulnerabilities – so you need a partner you can trust. Fidus Information Security are an NCSC CHECK Green Light and TIGER scheme approved consultancy. Our cyber security experts hold some of the most recognised certifications in the industry, including CREST Certified Tester and Senior Security Tester. Fidus is also a Cyber Essentials verified company. Every assessment we perform is carried out according to UK industry approved methodologies (OWASP, PETS, NIST) along with our own internal testing frameworks.
More than just identifying security vulnerabilities, our cyber security experts are on hand to help you fix them too.
Certified Security Consultants
Our CREST and TIGER approved team holds a range of industry-leading security certifications including OSCP, CCT, SST and CISSP
Easy to Understand Reports
We’ll ensure that your executives and technical teams properly understand our assessment findings using plain-English reporting.
Fixed Price Proposals
The price you’re quoted is the price you’ll pay. Our quotes are broken down into a detailed costing table so you know exactly what to expect.
Other approaches we've witnessed have included convoluted steps and commonly ends with incorrect information being handed to the consultant assigned to the engagement.
Our approach to security involves a qualified security consultant through the entire process to ensure quality, accuracy and consistency.
Introduction Fidus’ R&D team identified a vulnerability within Virgin Media Super Hub 3 routers that permitted for exfiltration of sensitive information remotely, which, among other things, can be used to determine the actual, ISP issued IP address of VPN users. A vulnerability we were asked to hold back from releasing for a whole year. A […]
Introduction Quiplash – a game full of wit, banter and borderline acceptable humour… and security consultants on a lunch break. To set the scene, the date was 19th February 2020 and the mood was cheerful in the Fidus office. Lunch had just been delivered and today was the day that Mario Kart was not going […]