Software seems to always be in the news and prevalent in people’s minds these days, but while this is a vital area to protect, hardware assets also need to be protected. It is easy to forget how important these assets are, and how easy it is for someone with bad intentions to physically grab an asset or the hard drive within the asset.

Hardware assets need to be heavily tracked, accounted for, and stored correctly and securely. With the latest work-from-home initiative, Asset Identification Management and inventory maintenance has become more important than ever. Hardware is now much easier to have stolen, especially if it is being overlooked.

The Problem Beyond the Problem

With theft or loss, there is always the problem of money loss. The organization will need the finances to replace the asset and may lose money during the time spent replacing the asset. If multiple hardware assets are stolen, it can lead to a tremendous financial loss along with a loss of business continuity and productivity. However, what is arguably worse and can cause more financial ruin is if the data in the hardware assets is stolen.

A hard drive is one of the most valuable things to an organization because it contains private, organizational data. This includes private information, client-sensitive information, and more. The risk when the data is stolen is significant. The resulting fines and bad publicity are enough to put organizations out of business.

When hardware assets are left unchecked and unsecured, it becomes easy to lose track or have them get stolen. There have been multiple events where stolen or lost hardware put organizations in jeopardy.

A recent example was when a hard drive was stolen from a pay roll worker’s car containing the banking information of 29,000 Facebook employees. The data included bank account numbers and other critical information. In the wrong hands, this information can be devastating to those affected by the incident, and Facebook would receive serious public humiliation and backlash. Another example was when an external hard drive at California State University, Fresno was stolen. It contained credit card numbers, social security numbers, driver’s licenses, etc. of 15,000+ previous students that attended the school. Lost or stolen hardware can really harm an organization financially and publicly, and this does not even cover the damage the clients might need to face.

These instances are enough to make an IT Asset Manager adjust their ITAM program to protect the organization’s hardware IT assets.

Asset Identification Management KPA Is Part of a Solution

There are solutions to mitigate the risk on stolen or lost hardware. IAITAM teaches about Key Process Areas (KPAs) that are vital to any ITAM program. One KPA that applies is Asset Identification Management, which is a great way to ensure the IT Asset Manager knows where the asset is located.

Asset ID Management entails tagging each asset as it arrives at the organization, keeping track of its whereabouts, keeping the assets in a safe area, and more. This best practice is what keeps assets secure and helps to locate assets quickly. This KPA helps significantly with protecting hardware assets.

When an IT Asset Manager tags and accounts for their assets, it prevents unknown and possibly dangerous assets from entering the organization’s environment. It also helps with inventory maintenance and allows the IT Asset Manager to know where an asset is, where the asset was moved to, where it has been, etc. The Asset ID KPA allows the IT Asset Manager to know if the asset is missing and it helps them to know if it is missing faster.

The Stay-At-Home Initiative Makes Hardware More Important to Protect Than Ever

Since people are not in the office, the hardware is now easier to be stolen from empty offices. People know many offices are empty, and they can form plans to break in and steal the hardware. A good prevention to theft is storing assets in a safe, protected area. Well-crafted inventory maintenance and storage practices are what help to keep hardware assets safe.

Another factor from the remote-working situation is the hardware sent to employees’ houses for them to use. The hardware can be stolen from their homes or just simply lost in transit. In this instance, the IT Asset Manager needs to be told right away if an asset is stolen or lost. The time after the theft or loss is serious because the risk can be lessened if the asset is discovered to be lost or stolen quickly. To help reduce risk in this situation, the IT Asset Manager could have a short meeting prior to giving out the assets to let employees know to notify the IT Asset Manager right away if something is broken, lost, stolen, etc. It should be noted that once the asset is stolen or lost, it becomes IT security’s responsibility to take care of the issue. However, the IT Asset Manager can support the IT security team by helping to decide on a process to wipe the data from the hardware.

Take the Extra Step to Protect Hardware

Some things an IT Asset Manager can do to make sure their hardware assets are extra safe is to:

  • Go over the Asset ID procedures and revamp if necessary: Sometimes processes have not yet been established to protect assets from new threats. Going through and adding and modifying procedures in an ITAM program will help to protect the organization from these new risks.
  • Tag every asset: If the assets have not yet been tagged, make sure to tag them before they leave the premises or before placing them into storage. Keep track of which asset goes to which person and which ones go into storage. Knowing where the assets are is a major factor in protecting the hardware.
  • Work with the IT security team: The IT Asset Manager can work with the IT security team to see what ways the they can help protect the hardware and the data on the hardware. Processes will need to be established, such as remote wiping procedures, so the IT Asset Manager should be willing to help any way they can regarding ITAM processes.
  • Employee awareness: Sometimes neglect or carelessness from an employee leads to an incident. For example, an employee of New York City’s Fire Department lost a hard drive that contained the medical information of those treated with emergency care, which was 10,000+ records. It was not the employee’s fault, but if the employee was given awareness training, the incident might have been prevented.
  • Check in on fellow coworkers: Email fellow coworkers every few weeks to see if their assets are working properly. Asking coworkers how their assets are keeps them in check and helps them to be more mindful when handling their assets. On a positive side, in case something does go wrong, they know to reach out to the IT Asset Manager and feel more comfortable doing so.

Though hardware is always susceptible to theft or loss, the work-from-home initiative has made hardware assets even harder to keep safe. The Asset Identification Management KPA and inventory maintenance are best practices for protecting hardware assets. The risks of losing hardware lessen when an IT Asset Manager goes the extra mile to ensure their assets are protected.

References:

Fingas, J. (2020, February 18). NYC fire department loses hard drive with over 10,000 medical records. Retrieved April 30, 2020, from https://www.engadget.com/2019/08/10/fdny-loses-hard-drive-with-10000-medical-records/

Lee, D. (2019, December 13). A thief stole unencrypted hard drives filled with 29,000 Facebook employees’ information. Retrieved April 30, 2020, from https://www.theverge.com/2019/12/13/21020736/facebook-theft-unencrypted-drives-employee-payroll-security

Rodriguez, R. (2018, March 6). Stolen University Hard Drive Potentially Exposes Thousands of Records. Retrieved April 30, 2020, from https://www.govtech.com/security/Stolen-University-Hard-Drive-Potentially-Exposes-Thousands-of-Records.html