Hello and welcome to Think Cyber Secure! Firstly, I want to say thank you for reading. I know how valuable your time is, so thank you for choosing to spend some of it with us.
When businesses ask us to help them with their cybersecurity, we go through an initial assessment to see where they’re at.
There’s one thing that we always ask about that’s critical to their cybersecurity, and more often than not, it hasn’t been done.
What’s that one thing?
It’s your business’s cyber asset inventory. A cyber asset inventory is a list of your business’s physical technology and software assets, data assets, and data flows, along with how critical each piece is to your business.
Inventorying is critical because, as an old saying goes, “You can’t secure what you don’t know you have.”
Once you know what you have, you can begin understanding how critical each is to your business, what cyber risk they add to your business, and ultimately, what tools are needed to reduce that cyber risk to your business.
An asset inventory can also help determine what technology and data an attacker may have gained access to if your business is compromised.
Why doesn’t everyone do it?
Because inventorying is not only tedious and un-sexy, it doesn’t directly add any cybersecurity to your business. It’s a pre-requisite for almost everything else in your cybersecurity plan.
It can also be a time-consuming and challenging process if you’re a larger business that has collected a lot of data over the years.
Think about all the data your business has and not just the obvious such as customer information or email addresses. Many types of data can be overlooked, such as email, transaction logs, or website tracking data. You may be surprised at how many different types and how much data your business collects, and where it flows during your day-to-day operations.
Other inventory benefits
An asset inventory is also helpful for many things other than cybersecurity, such as:
- Finding unauthorized software: Such as software for which the business doesn’t have a license.
- Detecting policy violations.
- Accounting for software licenses: Knowing how many licenses you need to pay for and reducing the risk of going over your allocated license count.
- Confirming regulatory compliance: Especially with data privacy regulations adopted in many countries, knowing your data can be essential in some cases.
How can you get started?
If you’re a tiny business, this may be as simple as a spreadsheet and flow diagram. Larger companies may need a software suite dedicated to asset management.
If you’re in the tiny category, start by collecting a list of each piece of technology and software (including operating systems) your business has and each piece’s physical location. Include any cloud or external systems you use in this list as well.
Then, do the same with your data. For location, write down which piece of technology from your first list the data resides on.
Then start working on the data flows. Diagram out where data is stored and through which technology assets it flows as it’s used and processed.
Finally, start to classify the assets in your list based on how critical they are to your business and operations.
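To make the steps above concrete, here is an added example (not part of the original post): a short Python script that cross-checks the three lists against each other and, for one technology asset, lists the data stored on it or flowing through it. Every asset name and rating in it is a constructed sample value.

```python
# Constructed sample inventory for a tiny business (all names are made up).
TECH = {  # technology asset -> (physical location, criticality or None)
    "office-laptop-1": ("front office", "high"),
    "file-server": ("server closet", "high"),
    "cloud-crm": ("external / cloud", None),  # not yet classified
}
DATA = {  # data asset -> (technology asset it resides on, criticality)
    "customer-records": ("cloud-crm", "high"),
    "transaction-logs": ("file-server", "medium"),
    "website-tracking": ("analytics-saas", "low"),  # host missing from TECH
}
FLOWS = [  # (data asset, technology assets it passes through, in order)
    ("customer-records", ["office-laptop-1", "cloud-crm"]),
    ("transaction-logs", ["office-laptop-1", "file-server", "backup-drive"]),
]

def inventory_gaps(tech, data, flows):
    """Return a sorted list of problems that leave the inventory incomplete."""
    gaps = []
    for name, (_location, crit) in tech.items():
        if crit is None:
            gaps.append(f"technology '{name}' has no criticality rating")
    for name, (host, crit) in data.items():
        if host not in tech:
            gaps.append(f"data '{name}' resides on unlisted technology '{host}'")
        if crit is None:
            gaps.append(f"data '{name}' has no criticality rating")
    for name, path in flows:
        if name not in data:
            gaps.append(f"flow refers to unlisted data '{name}'")
        for hop in path:
            if hop not in tech:
                gaps.append(f"data '{name}' flows through unlisted technology '{hop}'")
    return sorted(gaps)

def exposed_data(asset, data, flows):
    """Data stored on, or flowing through, one technology asset."""
    stored = {d for d, (host, _crit) in data.items() if host == asset}
    passing = {d for d, path in flows if asset in path}
    return sorted(stored | passing)

if __name__ == "__main__":
    for gap in inventory_gaps(TECH, DATA, FLOWS):
        print("GAP:", gap)
    print("On or through office-laptop-1:",
          exposed_data("office-laptop-1", DATA, FLOWS))
```

Each gap it reports is a place where one list mentions something the other lists don't know about, which is exactly what a re-inventory should catch.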
How often should you update your asset inventory?
Technology changes rapidly. As you update your technology, replace old assets with new ones, discover new software, and collect more and different data, you should also be updating your asset inventory.
To keep your asset inventory up to date, record these changes as they happen or after projects are completed, or plan a re-inventory at a regular interval, such as every couple of months.
Does your business have an asset inventory? Is it on your list of goals for this year?
At Think Cyber Secure, we uncover the hidden gaps that cause cyber risk, and develop an action plan that will eliminate the stress and frustration resulting from cybersecurity.
If you’re interested in improving the cybersecurity of your business, then be sure to subscribe and follow along with us.
The goal of the blog and podcast is to help you, as a business owner, an entrepreneur, a freelancer, or whatever you may be, make your business more cyber secure with detailed tips and information each and every week.
To be sure you’re notified when we publish another post and to get access to other resources as well, subscribe to our mailing list.
Again, thank you so much for reading!