Beginner's guide to database security

Big brands have been under fire recently for failing to properly protect customer information. LinkedIn raised alarms earlier this year when 6.5 million users’ passwords were published on a hacker website, while more recently Facebook became the target of rumours that it was publishing private messages on users’ walls, which thankfully turned out to be false.

Protecting customer data is not just a concern for global companies. As privacy becomes more of a concern for consumers and businesses alike, it’s important that every small business communicates its efforts of protecting customer information above all else. As well as covering yourself in a legal sense, it is a way to build trust in your brand. Placing a high priority on database security demonstrates your commitment to your customer.

Here are five foolproof ways to protect your customers’ privacy:

Recognise vulnerabilities

 

Database security sounds complicated, but sometimes companies fall down on the simplest mistakes. In a recent inquiry into data theft, the hacker on trial told the jury that 80 per cent of his successful break-ins were due to weak username and password combinations. The best way to create strong passwords is to avoid words that are in the dictionary, names and dates, and instead use a combination of letters, numbers and symbols consisting of eight characters or more.

Remove unnecessary components

 

Many databases today are huge applications with many options that users will rarely use. Keep data collection to a minimum – what you don’t have can’t hurt you. The more components you have in your database, the larger your attack surface. It is far easier to protect a smaller, less complex database.

Secure the data you keep

 

Database vendors regularly update their programs to keep your information safe, but applying security patches requires testing and database downtime, which can be time-consuming and inconvenient for companies – especially small businesses. The urgency of keeping your programs up to date depends on the nature of your business and the information you collect. Applying security patches on a limited schedule is better than not doing it all, but be aware that not keeping your systems up to date can open up your information to intruders.

Secure internal systems and personnel

 

Prevent unnecessary vulnerability by securing internal processes. Avoid shared passwords among employees and regularly update PINs to prevent contractors or freelancers gaining access to the system after their work with you has finished. Many database vulnerabilities are exposed because of the way the applications are coded. Work with programmers who are adept at architecting and designing for security, validating input and sanitising data sent to other systems.

Keep an eye on operations

 

All personnel who have access to the database should be well aware of their responsibility in keeping information safe and secure. It is important to monitor their activity too. Auditing occurs offline and looks at the activity of individuals in the system. Define activities that may alert you to any improper activity – like accessing sensitive data or privileged user access – and record them.

As consumers and businesses transact more and more online, the protection of customer data will only become more important. Make sure you have the proper systems in place to protect your customers and your business.

Bloomtools has prepared a white paper on our security guidelines, giving Bloomtools clients the piece of mind that we have invested the time, resources and have systems put in place to protect our clients data in our hosting environment