Data could be obtained from stolen or lost devices and be used against your company. Any data accessible on the lost device, such as files, usernames or cached passwords could assist a malicious user to target you or your organisation.
We offer a review of any laptop of device to simulate what information could be obtained from lost devices, such as laptops, mobile phones and tablets.
Lost device testing typically includes:
- Encryption review – can any data be read from the hard disk
- Physical review – can the device be compromised via the USB, CDROM, Firewire or Thunderbolt connections
- Mobile or tablet device review - what information can be obtained from the mobile device
We can also review the deactivation process used for lost or stolen mobile phones using MDM software. We can run the lost device procedure and then inspect the mobile device to ensure the device does not contain any user information.
Lost device reviews can provide assurance that the devices or system have been configured in line with security best practice to ensure no information could be obtained from a lost company asset.
Lost device testing will enable you to:
- Manage vulnerabilities for end user devices
- Avoid extra cost and reputation damage from a lost device
- Provide evidence of compliance with regulatory and certification standards
- Provide assurance to customers and suppliers that their data is secure
Armadillo Sec are a CREST certified testing body and we are accredited to operate as a CHECK service provider. All of our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT Level. Our testers are also CHECK Team Leaders (CTL’s) or CHECK Team Members (CTM’s) and are approved to conduct government CHECK testing.
Our team have many years experience conducting a broad range of government and commercial tests and always aim to go the extra mile for our customers.
Frequently Asked Questions
A typical penetration test normally targets a group of systems or applications and does not always include a detailed configuration build review of the system or device itself.
Penetration testing tends to look for vulnerabilities across multiple systems, whereas a lost device review is a detailed review of a specific system or device and it's settings are manually compared to industry best practice recommendation benchmarks with a focus on what information could be obtained if the device was lost or stolen.
All our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT level.
|CREST Certifications||Certified Testers|
|Practitioner Security Analysts||Yes|
|Registered Penetration Testers||Yes|
|Certified Web Application Testers||Yes|
|Certified Infrastructure Testers||Yes|
Our CREST member status can be viewed, along with the certified tester types we have on the below link:
Our testers are also CHECK Team Leaders (CTL's) or CHECK Team Members (CTM's) and are approved to conduct government CHECK testing.
|CHECK Status||Certified Testers|
|CHECK Team Member (CTM)||Yes|
|CHECK Team Leader (CTL) - Infrastructure||Yes|
|CHECK Team Leader (CTL) - Applications||Yes|
Our CHECK status can be viewed on the below link:
It is recommended that lost device reviews or testing should be conducted when deploying new devices or systems into the organisation. This gives assurance that new devices or systems being issued to staff, are securely configured and do not put any company information at risk if the device becomes lost or stolen.
Lost device review prices are based on the number and type of system that are required to be reviewed, therefore there is not an off-the-shelf price for a lost device review.
For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.
We supply a full lost device review report, which covers the following:
- Executive management summary - Non technical overview of issues for management board level
- Detailed technical findings - A complete list of all issues identified
- Policy compliance - A list of all non-compliant settings compared again industry recommendations
- Risk level - Impact, likelihood and overall risk ratings are listed for each issue
- Examples - Output or screenshots to demonstrate the issue
- Recommendations - Recommendations of how to remediate the issues, including any reference to documents that can assist
A sample report can be supplied upon request.
We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.