October is Cyber Security Awareness Month, and while we don't think that cyber awareness is something to cover just once in the year, we think it's a good opportunity to publish some information that can be used all year round.
Awareness Day Twenty Four: Hardware: Server Security

"Wherever there is technology there needs to be cybersecurity"

Implementing cybersecurity best practices is important for organisations of all sizes to protect personal, financial and sensitive information.

Awareness Day Twenty Four: Hardware: Server Security

Physical checks and location are equally as important as systems access controls. 

🔐Consider where the location of your server is and who else has access to that location? 
🔐Is there a risk of tampering from an external threat?
🔐Is there risk of accidental damage or tampering?
🔐Who has access to the area and what other things are stored there?

Does the organisation have a  document DPE Model Physical Security Policy (179 KB) ?

Review the DfE Servers and Storage Standards for Schools and Colleges which advises that servers and related storage platforms must be secure and follow data protection legislation - they must be 'secure by design'. We can provide support, guidance and trackers to assess where you are now and your progress:https://digitalstandardstracker.co.uk/ 

Consider having your anti-virus software prevent the use of USB sticks in the organisation.

Review: NCSC Server Advice

Review DPE's previous articles about server security: 

Keeping your IT systems safe and secure

Read more …

We can come and review your server location as part of our data walks (Making the Rounds), which will give you an indication  of whether you are meeting the DfE Servers and Storage Standard.