October is Cyber Security Awareness Month, and while we don't think that cyber awareness is something to cover just once in the year, we think it's a good opportunity to publish some information that can be used all year round.
Awareness Day Seventeen: Access Control - Users

"Wherever there is technology there needs to be cybersecurity"

Implementing cybersecurity best practices is important for organisations of all sizes to protect personal, financial and sensitive information.

Awareness Day Seventeen: Access Control - Users

Users of all systems should be regularly reviewed and should be part of the onboarding and leavers process of staff and students.

Regularly reviewing access control in line with job roles ensures that only those that have access to data and systems are those that require it.   The DfE Meeting Digital and Technology Standards in Schools and Colleges document advises that accounts should only have the access they require to perform their role and should be authenticated to access data and services.  

Successful cyber attacks target user accounts with the widest access and highest privileges on a network as this gets the widest impact with the most sensitive data and information.  You should limit the numbers and access of network and global administrative accounts.

If a single staff member controls account access, then another senior school staff member or governor should approve that staff member's own account.

Different accounts with specific rights for different purposes or have IT service providers and administrators enable just-in-time access, giving individuals time-limited privileges as required.

Watch our free micro learning video about Access Control:


We have more resource, support and guidance and trackers for all the DfE Digital Standards. 

Review: NCSC Identity and Access Management