Asset management – Why you should be doing it

Assets can come in many different forms; they aren’t just computers. Depending upon your business you may classify assets differently to other businesses. Theres no real right or wrong way to when it comes to defining an asset.

But in general assets can be thought of anything that can be used within your business that provides a value of some sort. The traditional assets which can be thought of, are the obvious desktop and laptop computers, mobile phones, servers, vehicles.  But you also need to think of other areas of the business as well, what about paper based systems?

Do you have a lot of paper based systems? For example invoicing, payroll and human resources or HR?  If so these can be thought of assets. What about items such as offices, and even your employees, yes people can be thought of as an asset as they are a core part of keeping your business working and help to provide the services.

So how do you go about identifying assets, if you’ve never looked at your assets within your business? This should probably be managed as an internal project and you should start looking at all areas of the business.

Ideally it would be starting with the IT, finance and human resource departments, if you have them. Talk to them, find out what has been bought or used over the last 3 years and then start recording the information somewhere.

But what do you need record? The minimum information you should look at recording, is a unique ID, the name of the asset, the type of the asset, is it a desktop/laptop computer, a machine, or car for example. Who is the owner, whats the location of the asset, whats the value of the asset and so forth. This can be stored in an excel spreadsheet and developed over time.

You’ll likely find that as you start developing your asset management system, you will find more and more items as you progress and you’ll likely start recording more information.

But if you already have some assets listed in some form, are the asset up to date? Can you trust they are where they say they are? Its best to start and verify all assets that you have recorded and build upon it to ensure you have the correct information.

The National Cyber Security Centre (NCSC) has quite a bit of information when it comes to asset management, and more, this can be found here: https://www.ncsc.gov.uk/guidance/asset-management

So, we now know what an asset is, we’ve started looking at what assets we have, and started to record the information. But why do you need to know what assets you have?

The simple fact is, if you don’t know what assets you have, how do you know what you need to protect, what assets can you depreciate and potentially what risk is there to the business if an asset is lost or stolen as an example?

By making sure you manage and identify all your assets which are valuable to your business you can build a foundational framework which can tie into other areas of your business.

An asset management system will help you with identifying risk within the business, by helping you understand what systems you have, where they are, what they cost to replace and so forth.

By knowing what computerised assets you have and where they are, you can manage and verify patch management, making sure everything is kept up to date and protected.

Asset management can help with streamlining the business, by identifying older legacy devices and systems and potentially allowing you to consolidate or remove these assets from the business, thereby maybe saving money in the long run.

One of the questions you are probably asking yourself is, this sounds like an awful lot of work to implement and keep up to date, how do you ensure that things are tracked correctly?

It doesn’t take much to do, once you get started, implement a plan that the business knows about, as part of your employee onboarding process identify and record what equipment people get, implement an annual review or more frequently of systems. Make sure of systems such as monitoring, Azure AD, if used, remote management systems, mobile device management and so forth, and use these systems to be as source of truth for your management system.

By looking at different systems to identify assets, you can also verify that everything is being tracked and monitored accordingly.

So hopefully you are now understanding how important it is to have a fully live and implemented asset management system within your business. Once developed and kept up to date it can be a cost saving to your business. It can aid in reducing your risk to the business by identifying what you have or don’t have. It can help save the business during an incident and much more.

Now lastly, our blogs wouldn’t be us, if we didn’t mention Cyber Essentials. But at this point in time Cyber Essentials doesn’t touch on asset management, but it does play a pivotal point in helping to comply with the standard. As you really can’t complete the basic or the plus certifications, if you don’t know what you have.