Database Security: Tips for Securing a Database for Small Business
Although large businesses are often the target of data breaches by hackers, small businesses also have to be concerned about database security. Small businesses also have a lot more to lose because they generally have less infrastructure in place, so the risk of data loss is much higher.
Although small businesses generally do not deploy the same security measures that large businesses do, there are several steps a small business owner can take to strengthen database security.
Tips on Database Security
- Enable Security Controls: Unlike older databases, the newer databases require passwords to gain full access to the stored data. Often when the databases are shipped, none of the security features are enabled. Make sure you check the security controls and enable all of the features before allowing anyone access to the database.
- Check the Patch Level: Check the patch level configuration in the database to determine if there are any vulnerabilities in the default settings. Also, perform a full assessment of the database to fix any existing vulnerabilities in the system before placing any data into the database.
- Exclude Copying of the Database: Although you may have one chief IT administrator who is the primary gatekeeper to the database, there is no control over the data once the database has been copied. For this reason, you should disallow database copying because it represents an internal threat to database security.
- Restrict Access: Restrict access to the database by specifically designating who is allowed administrator privileges. For a small business, it is a good idea to delegate this responsibility to one IT administrator and then place certain restrictions on other users. In addition to restricting access, make sure the backups are stored in an encrypted format and restrict access to XML files. The files in XML format are files from a discontinued database.
- Existing Databases: There are database discovery tools that identify existing databases containing confidential information. The tools also monitor existing databases to ensure the information is stored in encrypted format. In addition to the new database, make sure you monitor all of the existing databases to ensure that information is encrypted, that there are no vulnerabilities, and that there are no duplicates.
- Shared Data: Sharing data becomes a concern when businesses have to train new employees and developers have to test new database applications. In this instance, the IT administrator can perform what is called subsetting, which provides a separate type of restricted access with fake information substituted for the sensitive information. Subsetting a database allows developers and new employees to use the database for testing and training without exposing confidential or sensitive information.
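The subsetting described under Shared Data, as an added example that is not part of the original article: a limited number of customers and their orders are copied into a separate database, with fake values substituted for the name, email and card columns. The table and column names, the masking key and the sample rows are constructed assumptions, and SQLite stands in for whatever database the business runs.

```python
import hashlib
import hmac
import sqlite3

# Assumption: masking key kept on the production side, never shipped with the copy.
MASK_KEY = b"constructed-demo-key"
SCHEMA = (
    "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT, card TEXT);"
    "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, total REAL);"
)

def fake(value, prefix):
    """Deterministic stand-in: the same real value always maps to the same fake one."""
    digest = hmac.new(MASK_KEY, str(value).encode(), hashlib.sha256).hexdigest()
    return f"{prefix}-{digest[:10]}"

def sample_production():
    """Constructed sample data standing in for the production database."""
    prod = sqlite3.connect(":memory:")
    prod.executescript(SCHEMA + (
        "INSERT INTO customers VALUES (1,'Ann Lee','ann@shop.example','4111111111111111'),"
        "(2,'Bo Diaz','bo@shop.example','5500000000000004'),"
        "(3,'Cy Orr','cy@shop.example','340000000000009');"
        "INSERT INTO orders VALUES (10,1,19.99),(11,2,5.00),(12,3,42.50),(13,1,7.25);"
    ))
    return prod

def build_subset(prod, limit):
    """Copy at most `limit` customers plus their orders, faking sensitive columns."""
    sub = sqlite3.connect(":memory:")
    sub.executescript(SCHEMA)
    rows = prod.execute(
        "SELECT id, name, email, card FROM customers ORDER BY id LIMIT ?", (limit,)
    ).fetchall()
    for cid, name, email, card in rows:
        masked = (cid, fake(name, "name"), fake(email, "user") + "@example.invalid",
                  fake(card, "card"))
        sub.execute("INSERT INTO customers VALUES (?, ?, ?, ?)", masked)
    # Only orders of the copied customers come along, so foreign keys still resolve.
    ids = [r[0] for r in rows]
    marks = ",".join("?" * len(ids))
    orders = prod.execute(
        f"SELECT id, customer_id, total FROM orders WHERE customer_id IN ({marks})", ids
    ).fetchall()
    sub.executemany("INSERT INTO orders VALUES (?, ?, ?)", orders)
    sub.commit()
    return sub

if __name__ == "__main__":
    print(build_subset(sample_production(), 2).execute("SELECT * FROM customers").fetchall())
```

Because the fake values are keyed, the key has to stay out of the training or test copy; anyone holding it could confirm guesses about the real values.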
Keep in mind that securing a database also requires a change in thinking on the part of the database administrator as well as the workers who have access privileges or restrictions to the database. A change in attitude ensures that everyone is on the same page with what is expected when it comes to keeping data secure.