---
id: "action-inventory-systems"
type: "action-item"
source_timestamps: ["¶10"]
tags: ["system-audit", "attack-surface-reduction"]
related: ["framework-dobrygowski-smb-cyber-defense"]
action: "Scan network, update legacy software/firewalls, and disconnect non-crucial systems."
outcome: "Reduces the organization's attack surface and eliminates unmonitored vulnerabilities."
speakers: ["Daniel Dobrygowski"]
sources: ["governance"]
sourceVaultSlug: "hbr-seg-governance"
originDay: 7
articleStem: "hbr-sig-57-smb-cyber-risk"
sourceUrl: "https://hbr.org/2026/06/ai-is-changing-cyber-risk-heres-how-smbs-can-respond"
sourceTitle: "AI Is Changing Cyber Risk. Here’s How SMBs Can Respond."
---
# Inventory and Prune Connected Systems

**Action:** Conduct a comprehensive scan of your network to identify every connected device and software application. Verify that firewalls and legacy software have the latest security upgrades, and disconnect anything no longer crucial to operations.

**Outcome:** Reduces the organization's attack surface and eliminates unmonitored vulnerabilities.

**Where it fits:** Step 2 ("Take inventory") of [[framework-dobrygowski-smb-cyber-defense]]. Complements [[action-architect-data]] — you cannot protect (or restrict access to) systems and data you have not inventoried.
