Just as important as the passwords is the encryption of your database. Encryption converts your data into a format that, were it to be intercepted, would look like a string of letters and numbers with no tangible meaning, while the database program can still easily convert it back into the data you want. This ties back into passwords: a Yahoo! hack in 2012 exposed more than 400,000 passwords in plain text to the web at large. That meant open access to emails and passwords, and a whole lot of users who had put their faith in Yahoo! needed to change their passwords. Here, too, you don't want to be the company at the other end of that controversy. Make sure that your database is encrypted with up-to-date encryption software.
A simple way to protect your database? Leave it out of sight. This means keeping it hidden from search engine results through the robots.txt file, and also not linking to it directly. While you want employees to have access to database information, you may not want to put the log-in directly on the site. If you have an online database, do yourself a favor and keep it on a need-to-know basis. After all, the first step toward hacking a database is finding it in the first place.
A wide open database is a wide open vulnerability. You'll want to segment your data to make sure that not just anyone sees everything. In many systems, various roles can be created within the database.
For instance, you might want to have users, super users, administrators, and super administrators. Users can access or input basic information, but not alter information beyond what they've put in, whereas a super user has permissions that allow wider access to data without being able to change everything. An administrator works above all of these, altering the structure of the database or having access to more sensitive information, while a super administrator can run the whole operation. For the upper tiers, keep the number of people with those clearances low, such as managers or department heads. This ensures that, should a password be exposed on the site, the damage is limited if it belongs only to someone with access to basic information.
One way to prevent database breaches is to keep an eye on the database itself. Monitoring the access and behavior of database users helps you ensure that no odd behavior appears that might point to a leak. Checking for unfamiliar IP addresses helps confirm that no one who shouldn't have an employee's password is using one. Think of it like when you get a call from the bank asking you to confirm a transaction. Your address is in New York, but your card is being used in Calgary. It's a red flag to bank security, and the same thing should be a red flag to your business.
In addition, regular audits of your database help find inactive accounts, eliminating problems that might arise from someone obtaining a former employee's login information. Perform regular audits, and your company can tighten up security before problems arise.
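As an added example (not from the article), this Python script runs the two checks the last two paragraphs describe over a small access log: logins from an address a user has never used before, and accounts that have been idle past a cutoff. The log lines, account names, addresses and dates are all constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample log (not from the article): "timestamp user source_ip" per login.
ACCESS_LOG = """\
2024-03-01T09:02:11 alice 203.0.113.10
2024-03-01T09:15:40 bob 203.0.113.11
2024-03-02T10:01:05 alice 203.0.113.10
2024-03-03T08:45:00 carol 203.0.113.12
2024-04-20T22:13:37 alice 198.51.100.77
2024-05-30T07:30:00 bob 203.0.113.11
"""

# Hypothetical account inventory; "dave" is provisioned but has never logged in.
ACCOUNTS = ["alice", "bob", "carol", "dave"]


def parse_log(text):
    """Return (timestamp, user, ip) tuples in chronological order."""
    events = []
    for line in text.splitlines():
        ts, user, ip = line.split()
        events.append((datetime.fromisoformat(ts), user, ip))
    return sorted(events)


def unfamiliar_ip_logins(events):
    """Flag logins from an address the user has never used before.

    A user's first login seeds their baseline; any later login from an
    address outside that baseline is the "card used in Calgary" case.
    """
    seen = {}
    flagged = []
    for ts, user, ip in events:
        if user in seen and ip not in seen[user]:
            flagged.append((ts.isoformat(), user, ip))
        seen.setdefault(user, set()).add(ip)
    return flagged


def inactive_accounts(events, accounts, as_of, max_idle_days):
    """Accounts with no login in the max_idle_days before as_of (ISO date), or never."""
    last_seen = {}
    for ts, user, _ in events:
        last_seen[user] = max(ts, last_seen.get(user, ts))
    cutoff = datetime.fromisoformat(as_of) - timedelta(days=max_idle_days)
    return sorted(a for a in accounts if last_seen.get(a, datetime.min) < cutoff)


if __name__ == "__main__":
    ev = parse_log(ACCESS_LOG)
    print("unfamiliar IP logins:", unfamiliar_ip_logins(ev))
    print("inactive accounts:", inactive_accounts(ev, ACCOUNTS, "2024-06-01", 60))
```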