Cyber security instils images of Matrix-like hackers, trying to gain access to protected systems, while organisations are trying to prevent them. It looks very stylised and appears overly complex, but the same type of methodology of protecting anything really applies to cybersecurity as well.
You can't even begin setting up the process and security procedure without knowing what you have. Every single piece of hardware from routers to laptops to servers is a potential entry point to your overall system, and thus it is a threat as well. You need to know what are the actual ways someone can get in. In addition, you need to make sure there are areas of responsibility for every piece of hardware.
For example, with all laptops, the owners are responsible to some extent, while with other items such as servers, they rely solely on the IT department. All of these roles should roll up to the IT department anyway, as they should know what items they have, and who has which items (or who is responsible).
By shoring up your hardware inventory management, you can also start associating costs to all of these items. The hardware usually follows a depreciation system, meaning after a certain number of years, you should really be replacing that equipment. Your finance department will love it if you are able to do it, and when the time comes to replace the server with a better one, it will be that much easier, since the previous server has reached its end of life.
Maintaining this list with associated costs helps managers have a relevant overview of their respective budgets. It also has the IT department have an entire view, and they can see if there’s enough funding.
One of the best ways to combat cybersecurity issues is with consistency. With our list, we've added the item and the financial value and depreciation model. By adding the last time reviews were done – we can start ensuring that all systems have spot checks to see if there were any breaches.
This will also help keep track of when issues do happen, it can be tracked and analysed based on the department and the last time there was a review. This security sweep also helps in case of human error, when leaving laptops in taxis, or losing company phones at parties.
This starts shifting towards the software side in some cases, but it is important to have a standard setup for each employee. Someone in the marketing department might need a high powered machine to create designs but might not need to access proprietary company folders and information. While on the other end, someone in the Finance department needs to keep accessing financial information and company bank information, so they would be deemed as needing extra security features in their equipment. This can be done by ensuring they have a security fob to access business banking, and even have a separate security token to access remote server files.
Keeping your hardware files clean will always be more helpful during investigations of potential and actual breaches, and it doesn’t hurt on an overall organisational level.