Database Security: Tips for Securing a Database for Small Business

Although large businesses are often the target of data breaches by hackers, small businesses also have to be concerned about database security. Small businesses also have a lot more to lose because they generally have less infrastructure in place, so the risk of data loss is much higher.

Although small businesses generally do not deploy the same security measures that large businesses do, there are several steps a small business owner can take to beef up database security.

Tips on Database Security

  • Enable Security Controls: Unlike older databases, the newer databases require passwords to gain full access to the stored data. Often when the databases are shipped, none of the security features are enabled. Make sure you check the security controls and enable all of the features before allowing anyone access to the database.
  • Check the Patch Level: Check the patch level configuration in the database to determine if there are any vulnerabilities in the default settings. Also, perform a full assessment of the database to fix any existing vulnerabilities in the system before placing any data into the database.
  • Exclude Copying of the Database: Although you may have one chief IT administrator who is the primary gatekeeper to the database, there is no control over the data once the database has been copied. For this reason, you should disallow database copying because it represents an internal threat to database security.
  • Restrict Access: Restrict access to the database by specifically designating who is allowed administrator privileges. For a small business it is a good idea to delegate this responsibility to one IT administrator and then place certain restrictions on other users. In addition to restricting access, make sure the backups are stored in an encrypted format and restrict access to XML files. The files in XML format are files from a discontinued database.
  • Existing Databases: There are database discovery tools which identify existing databases that contain confidential information. The tools also monitor existing databases to ensure the information is stored in encrypted format. In addition to the new database, make sure you monitor all of the existing databases to ensure that information is encrypted, there are no vulnerabilities, and that there are no duplicates.
  • Shared Data: Sharing data becomes a concern when businesses have to train new employees and developers have to test new database applications. In this instance, the IT administrator can perform what is called subsetting, which provides a separate type of restricted access with fake information substituted for the sensitive information. Subsetting a database basically allows developers and new employees to use the database for testing and training without exposing confidential or sensitive information.
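
The subsetting step described under Shared Data, as an added example that is not part of the original article: it copies a sample of rows into a separate test database and substitutes fake values for the sensitive columns. The customers table, its column names, the demo key and the use of keyed HMAC tokens are all assumptions made for illustration; the article names no tool or schema.

```python
import hashlib
import hmac
import sqlite3

# Constructed schema and rows for illustration; not taken from the article.
SCHEMA = ("CREATE TABLE customers "
          "(id INTEGER PRIMARY KEY, name TEXT, email TEXT, ssn TEXT, plan TEXT)")
SAMPLE_ROWS = [
    (1, "Alice Moreno", "alice@example.com", "123-45-6789", "basic"),
    (2, "Bob Tran", "bob@example.com", "987-65-4321", "premium"),
    (3, "Cara Singh", "cara@example.com", "555-12-3456", "basic"),
    (4, "Dev Patel", "dev@example.com", "222-33-4444", "premium"),
]

def _token(key, field, value):
    """Keyed one-way token: the same input always maps to the same fake value."""
    return hmac.new(key, f"{field}:{value}".encode(), hashlib.sha256).hexdigest()

def mask_row(key, row):
    """Replace the sensitive columns with fake values; keep id and plan as-is."""
    cid, name, email, ssn, plan = row
    fake_name = "User " + _token(key, "name", name)[:8]
    fake_email = _token(key, "email", email)[:12] + "@test.invalid"
    digits = f"{int(_token(key, 'ssn', ssn), 16) % 10**6:06d}"
    fake_ssn = f"000-{digits[:2]}-{digits[2:]}"  # area 000 is never issued
    return (cid, fake_name, fake_email, fake_ssn, plan)

def build_subset(src, dst, key, every_nth=2):
    """Copy every nth customer into dst with sensitive fields masked."""
    dst.execute(SCHEMA)
    rows = src.execute(
        "SELECT id, name, email, ssn, plan FROM customers "
        "WHERE id % ? = 0 ORDER BY id", (every_nth,)).fetchall()
    dst.executemany("INSERT INTO customers VALUES (?, ?, ?, ?, ?)",
                    [mask_row(key, r) for r in rows])
    dst.commit()
    return len(rows)

def demo():
    """Build a masked subset from the constructed rows and return its contents."""
    src = sqlite3.connect(":memory:")
    src.execute(SCHEMA)
    src.executemany("INSERT INTO customers VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    dst = sqlite3.connect(":memory:")
    # The masking key stays with the administrator, never in the test copy.
    build_subset(src, dst, key=b"constructed-demo-key")
    return dst.execute("SELECT * FROM customers ORDER BY id").fetchall()

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Because the tokens are keyed and deterministic, the same customer masks to the same fake value in every table, so joins in the test copy still line up.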

Keep in mind that securing a database also requires a change in thinking on the part of the database administrator as well as the workers who have access privileges or restrictions to the database. A change in attitude ensures that everyone is on the same page with what is expected when it comes to keeping data secure.

Identity theft comes in many forms.

A person's identity can be 'borrowed' for the purpose of creating fictional credit cards or a person's entire identity can be usurped to the point where they can have difficulty proving that they really are who they claim to be.

Up to 18% of identity theft victims take as long as four years to realize that their identity has been stolen.

There are many ways to protect your personal identity and many steps you can take to prevent your identity from being stolen:

*Never give out unnecessary personal information
*Never provide bank details or social security numbers over the Internet
*Always remain aware of who is standing behind you when you type in your personal credit codes at ATM machines and at supermarket checkout swipe machines.