5 Ways to Improve Database Security
You don’t have to go far to find out how important database security is. For instance, Target is still reeling from their systems being hacked, exposing the credit card information of many of their customers. It’s the kind of harm that requires a lot of time, money, and resources for damage control, as well as the aftermath of breaking the trust in the company and diverting resources toward making sure it doesn’t happen again.
Ensuring the security of your company’s information is important, and even some of the biggest businesses can expose themselves to hackers exploiting security flaws. The information in your company’s databases are important, so it stands to reason that database security is too.
Here are five things you can do to keep your company and customer information safe and secure.
1. Have secure passwords.
The most sophisticated systems on Earth can’t protect against a bad password. There are the typical culprits — 12345, ABCDE, anything else on the most guessed password list — but hackers have increasingly sophisticated tools at their disposal that makes many other passwords increasingly vulnerable. Now, it’s not just making your password “password” that you have to worry about. It can be words in-and-of themselves. Programs exist that guess passwords that might be words in the dictionary or commonly used phrases, so those are out.
You can try to make a combination of letters, numbers and symbols to throw off would-be hackers. You can check your password here to see how long it would take hackers to guess it. Business Bee has also rated some password management tools that may be able to help you.
One other suggestion is to set rules that make employees change passwords on a revolving basis. If a password isn’t changed after 90 days, lock out that account pending administrator approval to make sure that an old password isn’t a hacker’s way in.
2. Encrypt your database.
Just as important as the passwords is the encryption of your database. Encryption means converting your data to a format such that, were it to be intercepted, would seem like a string of letters and numbers with no tangible meaning. But to the database program, it all easily converts to the data you want. But it ties back into passwords. A Yahoo! hack in 2012 exposed more than 400,000 passwords in plain text to the web at large. This meant open access to emails and passwords, and the need for a whole lot of users who put their faith in Yahoo! to change their passwords. Here, too, you don’t want to be the company at the other end of that controversy. Make sure that your database is encrypted with up-to-date encryption software.
3. Don’t show people the backdoor.
A simple way to protect your database? Leave it out of sight. This means keeping it hidden from search engine results through the robots.txt file, and also not linking to it directly. While you want employees to have access to database information, you may not want to put the log-in directly on the site. If you have an online database, do yourself a favor and keep it on a need-to-know basis. After all, the first step toward hacking a database is finding it in the first place.
4. Segment your database.
A wide open database is a wide open vulnerability. You’ll want to segment your data to make sure that not just anyone sees everything. In many systems, various roles can be created within the database.
For instance, you might want to have users, super users, administrators, and super administrators. Users can access or input basic information, but not alter information beyond what they’ve put in, whereas a superuser has computer permissions that allow wider access to data without being able to change everything. An administrator can work above all of these users, altering the structure of the database or having access to more sensitive information, while a super administrator can run the whole operation. For the upper tiers, you’ll want to keep the number of people with those clearances low, such as managers or department heads. This ensure that, should a password be exposed on the site, it’s not devastating if it’s only someone with access to basic information on the site.
5. Monitor and audit your database.
One way to prevent database breaches is to keep an eye on the database itself. Monitoring access and behaviors of database users can help you ensure that no odd behaviors are exhibited that might imply a leak. Checking unfamiliar IP addresses can ensure that no one has an employee password who shouldn’t. Think of it like when you get a call from the bank asking you to confirm a transaction. Your address is in New York, but your card is being used in Calgary. It’s a red flag to bank security, and the same thing should be a red flag to your business.
In addition, regular audits of your database help find inactive accounts, helping eliminate problems that might arise with someone obtaining old employee information. Perform regular audits, and your company can tighten up security before problems arise.