October is Cyber Security Awareness Month, and while we don't think that cyber awareness is something to cover just once in the year, we think it's a good opportunity to publish some information that can be used all year round.
Awareness Day Twenty Nine: Admin controls

"Wherever there is technology there needs to be cybersecurity"

Implementing cybersecurity best practices is important for organisations of all sizes to protect personal, financial and sensitive information.

Awareness Day Twenty Nine: Admin controls

Consider regularly reviewing who is control of the admin passwords.  Make it part of the onboarding and leavers process with staff.  If an admin staff member leaves, ensure the password is changed and kept securely.
🛂 Are the senior leadership aware of who has the admin passwords or at least know how to access them?
🛂 If IT is outsourced, ensure that the organisation still has copies of all admin passwords locally.
🛂 If the IT provider is changed, ensure relevant passwords are changed, once the new provider takes over. 

Have you done a due diligence check on your IT supplier, after all they will have access to all of your sensitive and private information?

If you are a school or multi academy trust there is more about access control in the DfE Digital Standards for schools and colleges. We can provide support, guidance and trackers to assess where are you are and monitor your progress 👉 https://digitalstandardstracker.co.uk/

Our customers can check our generic third party list to see if we have already done any due diligence on a third party, or they can request it by emailing This email address is being protected from spambots. You need JavaScript enabled to view it. 

Review: NCSC Password administration for system owners

Review DPE's previous articles about admin controls:
October is Cyber Security Awareness Month: 17. Access Control (Users)

Read more …