Lesson 03 of 12
Transcript
Noel G Alexander: Welcome back, folks! I’m Noel Alexander, and if you’ve tuned in before, you know we always try to cut through the noise and get to the practical realities for small and medium-sized businesses out there wading into cybersecurity. So, today I wanna talk about something I call “the hidden world” inside your company — your digital assets. I mean, it’s wild, right? Every business has way more stuff than they remember. Laptops, phones, printers, those SaaS subscriptions everyone’s forgotten about, weird IoT gadgets, even the smart coffee machine — that’s all part of it.
Noel G Alexander: Think about it: if risk management and governance are like your steering wheel, then asset management, that’s your map. And let me tell you, you can’t steer safely if you don’t even know what’s on the road with you. I’ve seen this firsthand. I was helping this manufacturer, and they swore up and down they had exactly 200 endpoints on the network. Turns out, after just a single network discovery scan, they actually had 300! Extra Wi-Fi printers, bored employees’ laptops, even a couple of smart TVs — and get this, some had never seen a security patch in their life. It’s like, one of those “oh, wow” moments, but not in the good way.
Noel G Alexander: And, here’s a little embarrassing story for you: a while back, at my own house, I caught a random smart plug on my Wi-Fi. At home! I mean, it’s my job! And even I sometimes have no clue how these things sneak in. If it happens to me, it’s definitely happening at scale in your business.
Noel G Alexander: So, the takeaway here: you cannot protect what you don’t know exists. From servers and laptops to cloud accounts and weird little devices, if they’re connected, they need to be tracked. Use some kind of inventory — automated tools are great, but even a solid spreadsheet is better than nothing. And do a quarterly review, because shadow assets tend to pop up when you’re not looking. Believe me, attackers bank on these blind spots.
Noel G Alexander: Now, let’s zoom in a bit: not every asset holds the same kind of data, and not all data is equal. Data classification — I know, it sounds super formal, right? But it’s simple logic. Your payroll records and your employee lunch menu, they shouldn’t be treated the same. That’s why figuring out how sensitive things are, and who really owns which set of data, matters.
Noel G Alexander: Here’s the gist: you sorta set up these buckets — like Public, Internal, Confidential, and Restricted. Label what you can, physically or digitally. And give someone ownership of each batch of data, so no one assumes things are someone else’s problem. There was this financial services firm I consulted for — they rolled out a four-level classification, and at first, everyone grumbled. “Oh, it’s more work, more labels.” But then, suddenly, their DLP system flagged a misdirected ‘Confidential’ email. The system blocked it before any client data could leak. That’s when the light bulb went off for them: labeling wasn’t bureaucracy, it saved them from a potential PR nightmare.
Noel G Alexander: Still, there’s a balance. Over-classifying slows everybody down, while ignoring sensitivity is risky. HR data — now that’s gotta be tight, privacy-wise. But does your marketing campaign file need a confidential label? Probably not, right? Actually, this was something we touched on in our first episode — don’t try to boil the ocean. Start simple, with four categories, and give concrete examples. And hey, tailor your approach: the HR folks will handle data one way, your marketing team, another.
Noel G Alexander: Okay, so you got your inventory and you’ve classified your data. But here’s where things get extra tricky: shadow IT. I’m talking about those apps and devices that show up without any official blessing. People love convenience. They add a file-sharing app here, maybe connect a rogue router there, and suddenly, your neat little inventory is shot full of holes.
Noel G Alexander: Take this real case — a mid-sized law firm, seemed pretty locked down. But a paralegal moved sensitive legal documents onto their personal Dropbox. Totally understandable — official systems can be slow. But that Dropbox synced to an unsecured home PC... which got hit by malware. Now, because of one “shadow” move, confidential files were out in the wild. The solution ended up being simple — offer everyone a secure, user-friendly file sharing platform. They cut these shadow incidents by 70%. If people ignore your official tools, it’s often because there’s a usability problem, not just a security one.
Noel G Alexander: And let’s not forget about asset lifecycle — from onboarding new gear to saying goodbye to old hardware. I’ll never forget touring a state university; there were stacks of decommissioned servers, just collecting dust, with actual student data still on the drives. Secure procurement, regular patching, and serious disposal routines—that’s how you keep from letting old assets become a security time-bomb. If you don’t wipe those hard drives or delete those cloud accounts, someday someone is gonna find them. Maintain a “cradle-to-grave” record for every asset, so when someone leaves, their data access leaves with them.
Noel G Alexander: So, quick question to folks listening: could you name every single device and system your company uses right now? If not, where would you even start? That’s not to make you sweat — but to help you see exactly where your map might have blanks. Consider basic inventory tools, and keep tuning the process up. Shadow IT will always be a temptation, but communication and the right tools make all the difference.
Noel G Alexander: Alright, that’s all for this round. Asset management might sound boring, but honestly, it’s the backbone of your real security strategy. If you can see it, you can defend it. Next episode, we’ll dig even deeper into the practical side of securing your digital environment. Lastly, my book, A Simple Guide to Cybersecurity for Small and Medium-sized Businesses, is available on Amazon, or for a complimentary copy, send an email request with your name, phone number, and company name to noelga@vastmanagementcorp.com. Thanks for listening, keep your map updated, and I’ll catch you next time!