How to secure your database from information leaks
Question: What steps should I be taking to secure my database information?
Answer: Everyone knows that locks, alarms, and cameras can help safeguard your facilities and equipment. But what about your computer databases - the places where the valuable, sensitive, and potentially irreplaceable assets of your small business are stored?
It may be easy to assume that Internet firewalls and PC passwords are enough to prevent unauthorized access.
But according to Fredric Paul, publisher and editor-in-chief of www.bMighty.com (now Information Week SMB), an online resource that specializes in the IT needs of small and medium-sized businesses, database breaches from both external and internal sources are increasing at an alarming rate.
"Small businesses face a higher risk because they usually lack the IT security infrastructure and expertise of larger, but no less vulnerable, corporations," Paul explains. "Because small businesses also lack the resources and expertise to detect and respond quickly to a breach, the consequences of unauthorized access are greater as well."
Here are some steps for keeping your small business database as safe as possible:
Enable security capabilities. Many off-the-shelf databases have only limited default security controls. Make sure that all authentication controls are enabled. Avoid using common or simple passwords for user and administrator accounts and change these passwords periodically. Purchase a reliable anti-virus
software and keep it current with updates.
Give the database a security check-up. Before entering any data, make sure no unwanted or unnecessary sharing features are activated by default. Check the software developer's website every few months to ensure that your version is up to date with all the latest security patches.
Restrict database access. Even if you have a small, trusted staff, access to the database should be limited to a need-to-know basis. This will prevent passwords and other important information from being misused or unintentionally shared. It also provides an extra measure of safety in the event that today's colleague becomes tomorrow's competitor.
Don't blindly do updates sent via e-mail request. In November 2009, an e-mail was circulated asking QuickBooks Online users to update. Links were provided and instructions given along with a warning that Intuit had been the target of illegal attempts to extract information. Intuit confirmed that this was a scam and that Intuit never sends out e-mails requesting their users to update. Remember, even if an update request looks legitimate, read it carefully and check it out directly with the company's customer service department.
Make regular backups. Depending on the size and extent of your small business, database back-ups should be made on a monthly, weekly, or even daily basis. The data should be stored in encrypted format to further minimize its value to a data thief. Back-ups should also be kept at a secure off-site location in the event your normal place of business becomes inaccessible due to weather, fire, or natural disaster.
Keep track of trends. Even if you don't consider yourself a computer whiz, safeguarding IT resources is easier when you take a proactive approach. Resources such as bMighty can provide valuable information and tips for ensuring your system stays in step with your small business' needs.
The next session of SCORE's new, six-part Business Plan Workshop series will begin Wednesday, March 10. Cost of the series is $90 for two participants from a single business. For more information or to pre-register, go to www.scorenaz.org or call the SCORE office at 778-7438.