Mobile Device

What Is It?

Mobile devices are portable electronic computers, the most common of which are smart phones and tablets. However other specialist devices that are able to roam anywhere with a user, such as surveying / diagnostic tools with computing functionality for example would be classed as a mobile device.

Why Assess It?

There are many reasons to conduct a mobile device security assessment, five of which are below.

Secure Assets

Your organisations devices roam with your teams. This means they can be left unattended in places that do not offer the same security as your offices. Your organisation still needs to be able to protect the device and in the event it is stolen needs to be able to securely sanitise your data from it alongside attempts to recover it.

Protect Organisational Data

Even when the device is in the authorised users hands, you still need to ensure data is handled securely and appropriately. Every organisation has a responsibility to ensure they can comply with the various data laws, including where certain types of data is kept. Through conducting a security assessment, you can be confident that you have taken control of your data on the device and have impeded even the accidental uploading of sensitive data to unauthorised cloud services.

Enhance Incident Response Ability

Mobile devices are deployed far and wide in an organisation and can be an effective mechanism for an early waring system of a pending attack. If your teams suddenly start clicking links in a text message they have received, then robust device security will both stop the attack and also allow you to be alerted so you are prepared.

Secure Connectivity

Mobile devices can communicate with networks over a variety of mediums. Conducting a security assessment allows you to gain insight into which ones are in use and secure the appropriate channels so you protect your data in transit as well as attest to the status of the device securely.

Empower Users

Using mobile devices can help users to be more efficient. With the right assurances on the risk posture and knowledge of the effectiveness of your cyber defences, you can be confident in empowering your users without fearing users bringing their own device into your organisations network.

The Agility Cyber Approach

Like all our engagements, we want you to get the most out of your mobile device security assessment and we do this by:

Device Configuration and Management

We do not just look at the devices configuration but also how it is enrolled into any management system, giving you a wider picture of the risks posed and allowing us to identify more nuanced risks.

Threat Actor Simulation

A devices configuration allows us to see where security weaknesses may be, but we supplement this by simulating genuine threats to provide accurate risk insight. This allows us to find the edge cases that are not overtly covered in the configuration deployed but still have a tangible effect on your security posture.

Map Remote Access

A device is not very useful unless it can access your organisations networks and work with data. As part of the mobile device security assessment, we look at how it connects back to you and if this access can be migrated from the device to another platform or if a breach of the devices security itself could yield further access for example.

Physical Vulnerability

Mobile devices are physical objects. They have ports which facilitate peripherals and we ensure that we factor in the effects of these on your security. We also look for known architectural risks that cannot be patched such as the “Checkm8” vulnerability in certain models of Apples iPhone that cannot be remediated due to architectural constraints for example.

Factoring in Other Controls

The risk between different devices is not the same, a smartphone roaming the world with a senior individual in the organisation is likely to face a very different threat profile to a tablet that supports your reception to book in visitors. We pride ourselves in understanding the bigger picture, both to ensure no false positives are reported but also to ensure we report the right findings at the right severity with the right advice, every time.

Benefits of Partnering with Agility Cyber

Mutually Invested

Our experts work with you, not against you. There are no egotistical celebrations when a serious issue is discovered, just rapid full disclosure with pragmatic suggestions for effective remediation followed by ongoing support.

Clarity and Simplicity

We always provide clarity, believe in simplicity and value your time. An example is rather than waiting until the engagement starts, we will conduct open source intelligence gathering activities before the scoping meeting to help us understand your organisations position and risk posture thus enabling us to ask better questions, securing you higher value and saving you time.

Full Consultancy

Our team, based in the UK, is technically exceptional but we pair that with business sense to discover, triage and help you remediate the full range of security issues.

Impartiality

We are impartial, we do not sell you products or the latest buzzword laden trending solution.

Outstanding Service

We have an industry leading turnaround, agility is in our name after all. Proposals are shared with you within 24 hours of the scoping meeting. Accurate and complete daily debriefs are given during every engagement. The report is shared within 5 working days at the latest.

Scroll to Top