Database security covers more than the data itself: it includes the database applications, the database systems and servers, and the network links between them. For your business, it is what protects your subscribers’ email addresses and related personal information.
Database security basics
- Apply security patches: Continually install and update security patches across your company’s internal network so that malicious actors cannot exploit known vulnerabilities on your systems.
- Antivirus/anti-malware: Correctly install and configure antivirus or anti-malware software, and install its updates as soon as they are available.
- Access control: Limit access to sensitive information on a need-to-know basis. Make sure databases are not exposed to the internet: place them behind a firewall and allow connections only from trusted IP addresses.
- Log monitoring: Log significant computer and network security events, including password-cracking attempts, hacking and virus incidents, and changes to system software.
- Test applications: Test every application that connects to the database to confirm that SQL injection is not possible and that the application’s queries run under specific, limited user roles so that data cannot leak.
- Enable remote wipe functionality: Enable remote wipe for mobile devices so that, if a device is ever lost or stolen, you can clear it of any personal data remotely. If your business allows a Bring Your Own Device (BYOD) policy, require users to accept corporate control and monitoring of their devices.
Strong password policies
An essential prerequisite of securing a database is to require a unique user ID and password to gain access to company information systems, including laptops, smartphones, networks, and accounts. Below are some restrictions you should consider:
- Avoid using shared accounts and change default passwords.
- Enforce password complexity, length and expiration policies.
- Require at least eight characters.
- Require a combination of uppercase and lowercase letters with at least one special character (!, &, ?).
- Limit similarity to previous and current passwords.
- Limit password attempts by enabling account lockout to protect against brute-force and birthday attacks.
- Force password changes every 60-90 days, but do not push users to change passwords more often than that, since too-frequent changes lead to poor password choices.
- Store passwords only as hashes, never in plaintext, so that their confidentiality is preserved, and enable two-factor authentication wherever possible.
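The rules above turned into code, as an added Python example that is not part of the original page: a policy check for the length, case, special-character and similarity rules, salted PBKDF2 hashing for storage, and a failed-attempt counter that locks the account. The lockout threshold, lockout duration and PBKDF2 iteration count are assumed values, since the page gives none.

```python
import hashlib
import hmac
import os
import time

MIN_LENGTH = 8                 # from the list above
SPECIAL_CHARS = set("!&?")     # the characters the list names; extend as needed
MAX_FAILED = 5                 # assumed lockout threshold (not on the page)
LOCKOUT_SECONDS = 900          # assumed lockout duration (not on the page)
PBKDF2_ROUNDS = 210_000        # assumed iteration count; tune to current guidance

def policy_violations(password, previous=""):
    """Return the rules a candidate password breaks (empty list means acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("needs upper and lower case")
    if not any(c in SPECIAL_CHARS for c in password):
        problems.append("needs a special character")
    new, old = password.lower(), previous.lower()
    if previous and (new in old or old in new):   # crude similarity check
        problems.append("too similar to previous password")
    return problems

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; store (salt, digest), never the password itself."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

class Account:
    """Credential record with a failed-attempt counter and temporary lockout."""
    def __init__(self, password):
        self.salt, self.digest = hash_password(password)
        self.failed = 0
        self.locked_until = 0.0
    def verify(self, attempt, now=None):
        now = time.time() if now is None else now
        if now < self.locked_until:
            return False                       # locked out: reject without checking the hash
        _, candidate = hash_password(attempt, self.salt)
        if hmac.compare_digest(candidate, self.digest):   # constant-time comparison
            self.failed = 0
            return True
        self.failed += 1
        if self.failed >= MAX_FAILED:          # lock the account and restart the counter
            self.locked_until = now + LOCKOUT_SECONDS
            self.failed = 0
        return False
```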