Asset Management and Cybersecurity: What You Need to Know
When you’re running an e-commerce business, cybersecurity is of the utmost importance. You have a responsibility to your clients, your employees, and yourself to ensure that privileged information stays safe – guest post from Adam Taylor
There is a vast amount of data that needs to be protected from security breaches: individuals’ personally identifiable information (social security number, date of birth, address), protected health information (medical history, insurance records), and financial data (credit card numbers, bank numbers). Asset management is an effective — but often neglected — step in cybersecurity. DIY Investor shares what you need to know about how asset management fits into your cybersecurity goals.
What is Asset Management?
When you run a company that’s primarily or exclusively online, it’s easy to think of the information that fuels your business as existing on your computer. However, it actually exists in several places at once, and it’s important to keep track of exactly where that information is and whether or not those places are secure.
A classic example of this is servers. Your servers hold onto your business’s information and, as time goes on, you may lose track of which servers have which info. This can seem like it’s not that big of a deal, but it’s easy to wind up with servers that are left largely unused for long periods of time. This means they’re not getting security updates. You’re not getting alerted to any patch needs, and eventually, that information becomes more and more vulnerable.
Asset management, in this context, is the act of keeping close track of all of the servers, lines, and other equipment that holds or transmits your data to make sure it’s up-to-date, working well, and secure, as well as all software that uses it along the way. This means checking out the physical equipment, keeping careful inventory of what equipment has been used when and for what, and making sure that any software updates or patches happen on schedule.
How to Get Started
If you’re currently without an assets management plan or procedure, your first step needs to be a full inventory of your digital assets. This will allow you to set a foundation from which you can build a plan going forward. Once all of your assets are accounted for, you can move toward addressing any security concerns you find along the way.
Take, for example, an unused server. If you discover you have a server that hasn’t been touched or accessed in years, you need to make a decision about what to do with it. Is the server’s hardware new enough to be secure, or are there any inherent risks to using it at all? Is there any data on there that you need to save, or is it all effectively junk? Do you need the space (or expect to in the future), or is this an asset you can sell to make budget room for something down the line? These questions will help you figure out the next steps to make with any IT asset that is no longer serving your needs, or which is putting you at risk.
How to Lighten Your Load
You can lighten your asset management load, but the process comes with drawbacks. For example, you may consider outsourcing your data management to a cloud computing solution. This puts the day-to-day work of asset management in someone else’s hands, freeing up your time and mental energy for your e-commerce work.
Although this offloads some of your responsibility, it also removes your ability to ensure your information is secure firsthand. After all, it’s important to remember that “the cloud” translates, roughly, to “someone else’s servers.” Make sure you practice due diligence when choosing a cloud storage solution to ensure that that company takes asset management seriously.
Another option is to use software to gain visibility into your assets and your company’s profitability. Having detailed insights into your finances will help you better understand where your money is flowing. Software like QuickBooks Online Advance reduces the likelihood of errors, and you can import and send invoices with batch processing which simplifies the process of billing clients and customers.
Don’t overlook asset management when it comes to crafting your cybersecurity plan. Effectively abandoned data is an attractive prospect for hackers. Make sure you’re keeping all of your information — and the places it’s stored — secure.