The workstation, be that a desktop or a laptop, is one of the many points of entry that need to be considered when reviewing corporate security and potential weaknesses.
A poorly configured desktop could allow an employee to self-configure the security settings, apply or ignore patches leading to an avoidable security incident. The desktop could also be a target for a malicious employee or contractor to launch an internal attack or remove business critical data from the network. It could also be one step in a chain of events following a physical breach of your premises that could lead to a security incident.
What about any Thin Clients being rolled out? While they provide a great method of centrally managing the desktop interface for employees if there is a flaw or vulnerability inherent within the roll out this will be pushed to each and every user, increasing the chances that it may be exploited and cause problems further down the line.
What about the devices that do not physically reside within your premises? The laptop provides great flexible working solutions for office based and field based staff but are these laptops providing an easy route in to your network for malicious parties? If one of your laptops was lost or stolen how confident are you that yours will not be the next name to hit the headlines?
If you have assessed the desktops, laptops and thin clients, have you considered the removable media? Are you using suitable encryption levels for the data in question? How do you manage removable media? All questions that need to be considered if you are working towards ISO27001, PCI DSS or Basel II and our consultants are well placed to assist in any security and policy review associated with these areas.
Securing these devices is not just about protecting the data your business deals in from theft or the network from intrusion but the reputation of the business and the goodwill of your customers.
Any comprehensive security review will touch on these aspects but a dedicated security assessment of a standard build laptop or a new desktop rollout is nothing short of good practice.
To find out more about the specific areas we can provide please contact us and we will be happy to discuss any areas of concern or specific projects with you.
I wish to highlight the outstanding work that your consultant undertook whilst doing the ICT Health Check for the Council.
Particularly notable was the level of technical knowledge displayed by NTA’s consultants, and we were also impressed that they were willing to share this knowledge with the network team.
We have found NTA to be an excellent supplier, offering a very good service at a competitive price. A key differentiator is that they are happy to answer any questions...
I have found NTA to be an approachable knowledgeable partner, and have no hesitation in recommending their services.
The quality of both the initial work and follow-up advice and guidance was excellent, and NTA provided full lifecycle support to the development and delivery of our Online Services portfolio.
On one occasion our third-party did not believe the vulnerability was an issue - having had their software tested by another well-known security testing company - and NTA Monitor were...
NTA Monitor are very supportive, especially regarding general questions about Information Security issues such as hacking and vulnerabilities.