Big Cyber Risk: Unmanaged Devices
Endpoints used to access, store or control private data must be known and protected

One of the biggest risks in cybersecurity is allowing unmanaged devices to access private enterprise data.

When devices are unmanaged, a firm cannot ensure the cybersecurity safeguards and compliance of the devices connecting to its corporate network, which raises the risk of data breaches and regulatory noncompliance. For example, while most firms have adopted multifactor authentication (MFA) to identify users, many continue to allow unmanaged devices to access their private systems without it.

As soon as a device connects to any system of private data, whether it’s email, a CRM, or financial software, the data within that system is at risk if the device accessing it does not meet cybersecurity standards and regulatory requirements.

Information systems that provide access to nonpublic information (NPI) must be accessed securely. Regulators are clearly stating that firms need to have control over the devices that access the private data they are responsible for protecting.

Validation of cyber posture at the time of log in, enforcement of cybersecurity settings and lock-down functionality are a few examples of effective device management. An additional advantage of device management is the ability to protect against internal threats of data exfiltration. Monitoring and blocking of web controls (restricted websites, third-party web apps), removable storage (USB drives, etc.) and file content (SS#, policy numbers, etc.) prevent unauthorized distribution of sensitive information outside of a firm.




"Restricting data downloads to USB, CD drives, and SD ports and other mobile devices, as well as blocking access to personal web email programs, cloud-based file sharing service providers and social media sites." FINRA Report, Selected Cybersecurity Practices – 2018, Data Loss Prevention (DLP)


FCI identifies unknown devices accessing enterprise systems of private data, audits endpoints and automates enforcement of security settings and software to ensure that connected devices are secure and compliant at the time of log in. If a user logs in and the system does not know the device, then that device is automatically identified and brought into compliance with firm cybersecurity policies before access is granted.

To learn more about Managed Endpoint Protection visit: https://fcicyber.com/managed-endpoint-protection/

www.fcicyber.com

