By Heath Gieson, CISO / EVP of Operations, Forthright

Welcome back to our Cyber Security Action Month series. So far, we’ve talked about enabling Multi-Factor Authentication and auditing your user accounts. This week, we’re turning our attention to something just as foundational—but often overlooked: your company’s end-user computing devices.

Let me ask you a simple question: When was the last time you reviewed your asset inventory?

If you’re not sure, you’re not alone. Many organizations struggle to maintain an accurate, up-to-date inventory of their laptops, desktops, tablets, and mobile devices. But in a world where endpoints are often the first line of defense—and the first target—you cannot secure that which you do not know you have.

Why Asset Inventory Matters

Every unmanaged or unknown device is a potential vulnerability. Whether it’s a forgotten laptop in a desk drawer, a BYOD device with outdated software, or a machine that was never properly decommissioned, these assets can become entry points for attackers.

A strong asset inventory helps you:

• Ensure all devices are patched and secured
• Enforce endpoint protection and encryption policies
• Identify unauthorized or rogue devices
• Support compliance and audit readiness
• Optimize software licensing and hardware refresh cycles

Your Action Item This Week: Audit Your End-User Devices

Here’s how to take action:

1. Pull a Current Inventory – Use your endpoint management tools (e.g., Intune, SCCM, Jamf) to generate a list of all registered devices. Include device type, OS version, last check-in date, assigned user, and location.
2. Identify Inactive or Orphaned Devices – Look for devices that haven’t checked in for 30+ days. These may be lost, stolen, or simply unused. Investigate and disable or retire them as needed.
3. Validate Ownership – Ensure every device is assigned to an active user. Unassigned or ambiguously assigned devices should be reviewed and either reassigned or decommissioned.
4. Check for Overprovisioning – Are some users assigned multiple devices they don’t use? Are there devices with premium software licenses that aren’t being utilized? Reclaim and reallocate to reduce costs and risk.
5. Enforce Security Baselines – Confirm that all devices meet your organization’s security standards—this includes disk encryption, antivirus, endpoint detection and response (EDR), and OS patch levels.

At Forthright, we believe that cybersecurity starts with visibility. Knowing what devices are in your environment—and who’s using them—is a critical step in reducing your attack surface and improving operational efficiency.

Next week, we’ll continue our series with another actionable step to help you build a more secure organization. Until then, take a moment to ask yourself: Do I really know what’s out there?