Skip to content Accessibility

Attention! Investment scams are spreading. See more at: Investment fraud

Know what hardware and software you are using

First, it is necessary to get an overview of which devices and software are in use in the organization.

Physical devices

In order to successfully protect the company’s network, you first need to have an overview of what devices and software it uses. Therefore, making an inventory is the first and most important step in creating a secure system. If you do not know what devices or software may be on the network, you will not be able to detect unknown and unauthorised devices or software. It is precisely these devices or software that can be exploited by attackers to gain access to the office network. If you do not know that certain software is in use, you cannot
organise its updating. There is also a risk of software being installed that could introduce malware (for example, illegal music/film downloading software). For each device that is on the office network, you should have the following information:

  1. device ID or name;
  2. manufacturer and model;
  3. the serial number of the device;
  4. P address;
  5. purpose of the device or the reason why it is in the network (computer, server, network device, etc.);
  6. list of software installed on a device;
  7. what business process it affects;
  8. how the assets are linked.

Recommended actions

First, you need to identify which devices are on the network. Even if it is a small network with only a few devices, the information must be documented. Failure to do so may cause these devices to remain unprotected. It is unprotected devices that attackers are looking for to gain access to the company’s network. An overview of the devices on the network is also necessary when IT employees or service providers change, as they need to have information about the network and the devices on it.

If the company network comprises more than a couple of computers, it is recommended to use software that does the inventory automatically. Manual inventory can introduce errors, and it is very time consuming if you have many devices. The hardware register should also include any devices that are not currently in the network, but which may be connected to it or which could lead to data leaks if stolen.

Once you have an overview of the devices on your network, you need to find out what software is running on them. This is necessary to check that the software has been updated and that no unnecessary software has been installed on the devices. When taking inventory of software, it is also a good idea to use a tool that can automatically collect data. Among other things, theautomatic software inventory helps to detect when new software has been added to a device. The software data collected should be linked to the device register so that all devices and associated software can be monitored in one place.

Ask an IT specialist

Both free and paid software is available for hardware and software inventory.

Paid software usually provides more functionality. Ask your IT employees or service
provider for suitable software.

In order to better manage your devices and software, it is worth considering adopting a central management solution. Central management allows managing devices from one place and determining which software should be installed on devices, at the same time eliminating the need for several inventory software and management systems. Central management makes it possible to perform inventories as well as apply security requirements to devices. Some central management software makes it possible to remove data from devices over the internet, which is required if an employee loses a device or it is stolen.

Ask an IT specialist

A number of solutions are available for central management depending on which devices (computers, smart devices) are in use. They are usually paid software. Ask your IT department or service provider for solutions that are suitable for the company.

Nowadays, it is increasingly common for employees to want to use personal devices for work. Smart devices (phones and tablets) are very common, but personal computers are also increasingly used. In addition, employees bring their own USB flash drives and external hard disks to work, allowing data to be quickly and easily moved from the internal network to external storage.

If employees are allowed to use personal devices, clear rules must be established, as these devices may also process company data. Where possible, the rules should be drawn up in cooperation with users and the IT department.

When creating rules for the use of personal devices, you must:

  1. determine which security requirements are established for personal devices. For example, it is essential to require that devices are password-protected and have antivirus software installed.
  2. Create a list of devices and operating systems that are not permitted in the company, such as devices with security vulnerabilities or devices that are no longer supported by the software manufacturer. Personal network devices (user’s personal switches, routers, Wi-Fi devices, etc.) that may cause malfunctions in the company network should be prohibited;
  3. if possible, keep a list of the devices that employees wish to use. It should include the employee’s name, device name, software list, etc.;
  4. establish clear instructions for the use of external storage media, such as USB drives and external hard disks;
  5. if necessary, create a rule prohibiting the storage of work-related information on personal devices.

Users must read and agree to the rules and requirements and confirm it with their signature (otherwise, their personal device is not allowed to be used for work).

Other topics

Assess the implications of using cloud services

Use new technologies safely
Read more