• 0800 0862018
  • This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Mon - Fri 8:00 - 17:00

InfoSec / Cyber

Hooded person over a computer linked to a padlock and password, badge for data protection officer, white text saying Be Cyber Aware

October is Cyber Security Awareness Month: 29. Admin controls

October is Cyber Security Awareness Month, and while we don't think that cyber awareness is something to cover just once in the year, we think it's a good opportunity to publish some information that can be used all year round.
Awareness Day Twenty Nine: Admin controls
Awareness Day Twenty Nine: Admin controls

Consider regularly reviewing who is control of the admin passwords.  Make it part of the onboarding and leavers process with staff.  If an admin staff member leaves, ensure the password is changed and kept securely.
Are the senior leadership aware of who has the admin passwords or at least know how to access them?
If IT is outsourced, ensure that the organisation still has copies of all admin passwords locally.
If the IT provider is changed, ensure relevant passwords are changed, once the new provider takes over.
Review: NCSC Password administration for system owners

Review DPE's previous articles about admin controls:

More questions like these are in our Information and Cyber Security Checklist (only viewable with a valid Data Protection Education subscription):