Awareness Day Twenty One: Hardware: Asset Control
Awareness Day Twenty One: Hardware: Asset Control
Understanding what IT devices you have, where they are and who has access to them is key in preventing a cyber attack. Consider the use of an IT Asset Register which records:
- the device type, make and model
- the serial number
- the purchase details if less than three years old
- any warranty details
- backup codes for the encryption keys if used
- who currently has the device and whether they have signed an acceptable use agreement
Ensure there are procedures in place to wipe the contents/reset in between loans and the asset register updated.
Ensure there is a method to track devices if lost/mislaid. Consider the use of remote wiping technologies.
Check the disposal company for IT assets has the required certifications.
Consider marking or tagging the devices (especially mobile ones).
Consider the use of mobile device management software for iPads.
Review: NCSC Asset Management
More questions like these are in our Information and Cyber Security Checklist (only viewable with a valid Data Protection Education subscription):