In the next installment of Sounds Good's "Cyber Bytes" series, Tracy Ross and Michael Ramage, director of Murray State's Cyber Education and Research Center, discuss the importance of asset inventory in organizations' or individuals' cyber security regimens. Of all the different facets of a comprehensive cyber security program, including strong passwords, multi-factor authentication, and endpoint detection, Ramage says asset inventory is the most important.
"If we don't know what we're protecting, then we really don't know which controls to implement where," Ramage explains. "So, an asset inventory is simply saying, 'Here's what we have, here's where it is, and we need to know those things so we know how best to protect them.'"
Asset inventories help ensure educational, medical, governmental, and other regulated agencies are in compliance with personal data confidentiality standards. Keeping a data inventory also helps protect information outside the umbrella of these agencies. Ramage adds that storage is also a critical, and often overlooked, component.
"Every company should have an incident response plan," Ramage says. "That should be a given. Where do you keep it? Do you keep it on the computer that got hit with ransomware? Having some of the data in a place that's offline, maybe printed out and taped to the bottom of your desk, your insurance agent, whatever it might be."
Company phones are another weak spot to consider. "If our organization gave everybody phones, and I lose that phone in an airport, what's our next steps? If you don't know the unique identifier of that phone, then that phone's gone, as well as all the data that's on it. If you are managing that asset and you know the information, then you have the potential to do a remote wipe and delete all the data on that phone."
"If there's company information on there, okay, you lost a thousand-dollar phone. But the data on it could be worth way more," Ramage says. "It's not about your data, it's about making money. Our data has a value, and that's what they're going to try to sell."
Ramage advises backing up data to protect against sudden losses. Depending on what you're willing to tolerate, backups can range from every 30 days to once a year. The longer the interval between backups, the more information could be lost or stolen.
Finally, Ramage says keeping up with asset inventory helps keep cyber insurance premiums affordable. An insurance company will typically assess an individual's or organization's risk management before charging premiums. The more risk management strategies are in place, including asset inventory, the lower the monthly payments can be.