As we continue our Cybersecurity Awareness Month journey, this week we turn to the foundation of every defense strategy, Assets. Cyber Essentials Singapore  highlights assets as a core area, reminding us of a simple truth “you can’t protect what you don’t know exists!”.

Every business runs on assets like employees, hardware, systems, and the information that powers decisions. But in cybersecurity, assets aren’t just resources they’re also potential risks.

That is why Cyber Essentials Singapore places assets front and centre, guiding businesses to identify, manage, and protect what matters most. Here, we’ll explore why assets are so critical to safeguarding business continuity in today digital world.

Your Strongest Firewall Isn’t Tech, It’s Your Team

Your greatest cybersecurity asset is not that fancy technology, it’s your team. Employees are the first line of defense, every click or login can make the difference between safety and exposure.

To make security second nature, business can encourage simple daily habits such as:  

• Use secondary login steps (MFA), on top of using strong but still easy-to-remember phrases instead of weak passwords.

• Protect both work and personal gadgets with updates, antivirus, and screen locks.

• Don’t share or expose sensitive files unless it’s secure and necessary.

• Stay alert to fake emails, messages, or videos even those made with AI.

• Report anything suspicious right away to your IT or security team.

Not all employees face the same risks, so training should be tailored to their roles.  Everyday employees should focus on simple skills like keeping devices safe and handling data carefully. Meanwhile, specialists like Cloud engineers or security staff need a deeper role-specific training to tackle the risks unique to their work.

So, cyber awareness isn’t a one-time event, it’s a habit. While training conducted at least annually, keeping employees up to date through regular reminders, and simple awareness campaigns throughout the year make security second nature.  

When employees are continually engaged and reminded, they don’t just support cybersecurity, they become it.

Hardware and Software, Keeping Your Inventory Secure

You cannot protect what you don’t know you own. That’s why maintaining an up-to-date inventory of hardware and software is critical for cybersecurity.

A complete inventory should include IT assets (such as servers, laptops, mobile devices, IoTs), cloud services (SaaS, IaaS/PaaS, APIs), and even AI tools (both enterprise and public). For each, capture key details such as owner, location, classification, warranty/End of Support (EOS) dates, and vendor.

An accurate inventory improves visibility by spotting unauthorized or outdated assets, ensures control through approvals and sanitization, and builds resilience by removing unsupported systems or managing them with compensating controls.  

Simple Tips for Managing What You Own:

• Double-check your asset list twice a year to keep it up to date

• Get rid of old devices safely  

• Make sure cloud providers also handle data and old accounts securely

• Allow only approved and trusted devices, apps, and AI tools used by your employees

Know What Data You Have and How to Protect It

Not just assets and people, data is also one of your business most valuable assets if only it is managed well.  

To stay secure, businesses must know what data they hold, where it is stored, and how it is protected.

Building a data inventory means listing your critical information with details such as description, sensitivity level, storage location (on-premises, cloud, or vendor), and retention (how long it need to be stored) period. For business with large volumes of personal data, a data flow diagram helps track how it moves across systems.  

Keep it current by reviewing the data inventory at least once a year, or whenever significant changes occur. Staying on top of what data exists and how it flows helps prevent breaches and ensures compliance with regulations.

‍

Sounds so much to do?

Achieving Cyber Essentials certification doesn’t have to be complicated. At FEHA, we support you every step of the way from self-assessment to continuous compliance. Our approach streamlines documentation, closes security gaps, and ensures you’re fully prepared to meet CSA requirements.

With a focus on the Cyber Essentials mark we help your business certified with less hassle while strengthening and future-proofing your cybersecurity posture.

‍📩 Contact us today to begin your Cyber Safe journey and protect your businesses with confidence.

‍