Fringe defence: identifying devices and protecting your business from cyber attacks  

Here at PAV i.t. we pride ourselves on the knowledge and support we provide to our customers in the fast moving and unpredictable world of IT.  With the rise of the Internet of Things, businesses are now exposed more than ever before to the threats of cyber attacks and online fraud.  Here we discuss how you can ensure you minimise the risks posed by unsolicited fringe devices and keep your company protected.

When it comes to IT equipment, fringe devices aren't always the first things on the radar when it comes to potential security breaches.  However, the hazards they pose lie in both company policy and the potential for unsolicited devices to connect to your online network.   

Fringe devices can range from employees' mobile devices to memory sticks and tablets to printers.  But no matter what they are used for, all fringe devices are susceptible to security breaches and identifying them is key when it comes to maintaining robust defences. 

Identifying the risks 

A combination of automatic discovery and a manual survey should help you to pinpoint all your fringe devices. Those already connected to the network can be picked up by most security software, which can perform some degree of automatic scanning to flag them. This should not be relied on for picking up all devices however, as some may have firewalls that would stop such software from communicating with them. 

In order to ensure that you pin down all devices, cross reference the results of a scan with a manual survey and the automatic discovery results.  Wired products are easier to identify as you can trace the cables back to where they physically connect to. 

Building your defences

A double defence of technology and policy is needed to ensure your devices are protected.  In terms of technology, multiple levels of security hardware and software should be used to close any gaps and make sure there are no single points of failure. Strict processes as to what fringe devices are used for, and have access to, should be adopted and will help to bolster your defences.

Isolating fringe devices onto their own network can provide an easy-to-manage configuration.  By doing this you can control the devices' access to corporate resources and a separate network also ensures they do not interfere with, or infect, core resources if they are compromised.  Lock down workstations, network ports and other entry points into the network will also ensure the risk of attack or infection is minimised.

Ultimately, keeping your security policies up to date, carrying out regular testing and governing the usage of devices are key to maintaining your protection systems. 

Prevention is better than cure

Protecting your company from untrusted and unmanaged fringe devices starts with policy – one that is robust, regularly updated and adhered to.  Each device should have its own strict user policy, particularly employee-owned devices as these are completely uncontrolled by the business.  A clear protocol for updating is key and should be put in place to ensure devices have the latest software and firmware protecting them against possible exploitation and attack. 

Always ask yourself if a device needs access to the network.  If the answer is "no" then they should not be allowed to connect to it.  In the case of those that are, identify and define what they are needed for and document this – that way the correct programmes and tools can be used to defend the network, while ensuring users have the flexibility and access they need for the business to function. 

For more information about how PAV i.t. services can help you safeguard your business, please call us on 01273 834 000.

Author: Jason Fry, Managing Director at PAV i.t. services

ContactCONTACT

PAV i.t. services
Reeds Lane, Sayers Common
West Sussex, BN6 9LS
General enquiries: +44 (0)1273 834 000
Support / service desk: +44 (0)1273 834 433

NewsNEWS

PAV study highlights phishing threat to SMEs
A recent study carried out by PAV i.t. Services in conjunction with one of the UK's leading insurers highlighted that 29% of staff working at Small and Medium Sized Businesses (SMBs) open phishing emails.

Legal firms prime target for cybercriminals warn experts
With 62% of law firms falling victim to cybercriminals in the last year, and only 35% with a mitigation plan in place in the event of an attack, experts are warning that practices need

Security should be top priority for mobile developers to protect consumers
With the recent surge in fake apps tricking consumers out of personal data, experts are warning that manufacturers and developers of mobile devices need to make security a top priority in the design process to mitigate the serious risks posed by hackers.

PAV i.t. hosting free cybersecurity workshop for businesses
PAV i.t. will be holding a free cybersecurity workshop for businesses at Sussex Downs College in Eastbourne on Friday 24th February from 10am to 2pm.

From computer to crash helmet: Andy going for rally car glory
Andy Hollingham, an employee from PAV i.t., will be swapping his computer for a crash helmet when he takes part in the South Downs Stages rally car racing at Goodwood on Saturday 11th February.

From fiction to fact: the cybercrime threats of the future
Cybercrime was big business for fraudsters in 2016 with cybercriminals racking up an estimated £1 billion in damages to companies across the UK.

PAV i.t.'s experts examine security breaches at Yahoo and TalkTalk
Big business are not immune to cybercrime: PAV i.t. examines high-profile hacks at Yahoo and TalkTalk

Festive season prime time for IT outages warns PAV i.t.
With the cost of IT downtime, outages and failures costing UK businesses in excess of £12 billion in lost productivity in 2015, PAV i.t. is warning companies to be prepared...

It's good to talk: PAV i.t. urges firms to share their experiences to help in the fight against cybercrime
We regularly discuss the threats to businesses from the online world, and offer our expert advice about the steps firms can take to protect themselves. But despite various awareness campaigns about the threat of cybercrime, it remains a taboo subject

TwitterTWITTER

@PAVITServices
@SophosPartners @AspireCharity How about the London Revolution next year ? https://t.co/Q0BIYMFn2v - would love to… https://t.co/zNY1jYKZxN

@PAVITServices
Thanks @Sophos @krishagerman our MD Jason really appreciated the lightweight cycling gear for his ride to a very wa… https://t.co/fV36KGd7oe

We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. You can find out more and set your own preferences here.