The first thing you need to do in your security program is inventory the software and hardware that you have in your environment.
You’ll want a list of the devices such as laptops, desktops, printers, mobile devices, etc.
Typically, your inventory should include these points: the device make and model, the device MAC address, IP address if one is assigned, network communication methods (WiFi or Ethernet), licensing and warranty information, and the department and individual where the device is located.
Similarly, you should know the software and firmware on every device in your network.
You can’t implement good network security if you don’t know it exists, right?
So, your software inventory may end up being an extension of your hardware inventory, or you may handle it completely separately.
Either way, come up with a plan to deal with unauthorized and software that is not supported by the vendor.
For example, Windows 7 is no longer supported by Microsoft.
If you realize that your small business is still using Windows 7 during your inventory, be sure to come up with a plan to resolve the vulnerabilities.