Embed Size (px)
Citation preview
59%The percentage of employees
who steal proprietary corporatedata when they quit or are fired
In today’s world, the risks associated with inadequate data securityis a business critical concern.
Data leaks pose major security concerns and can have devastatingimplications.
Based on our extensive experience in the Real Estate industry wehave compiled a list of 7 things you should be thinking of to ensureyour data security.
#1PHYSICAL SECURITY
Physical breaches can take on such asunauthorised individuals gaining access to the physical sever itself; into the office network;or individuals using an unattended employee workstation to accessthe
various forms
individuals connecting their own devices
company network.
#2NETWORK SECURITY
how your database server reside topology. Is it directly accessible publically; is it isolated fromexternal facing application servers; are communications to/fromitself and is a firewall being used torestrict communications.
within the network
using SSL for data exchange
Understand
2014data breaches increased by
over 27.5% from 2013
In
#3SERVER CONFIGURATION
. Is the SQL instancediscoverable on the network; are the SQL services using a ; are unnecessary services disabled; is theSQL administrator account (sa) disabled and which authenticationmethods are used, Windows,
Know your server configuration
non-standard port
SQL or both.
#4PASSWORDS
can severely compromise your data. Ensurepassword complexity is configured; be sure to enforce the use of and within applications, passwords instead of storing them in plain text.
Weak passwords
password complexity encrypt
75%of people use the samepassword for multiple
accounts
#5SQL INJECTION
can bring systems to their knees. Ensureabsolute minimum privileges are granted to application accounts;restrict inter-application access when sharing a database server; and where possible, parameterizeapplication input values.
SQL injection attacks
encrypt sensitive data
#6DATABASE BACKUPS
Database backup security is often overlooked, but vital. are adequately secured; useencryption when performing backups and be sure
to restrict accesslocal/remote backup locations
Ensure
to certificates/keys used by encryption processes.
#7PATCHING
, if left unresolved can be exploited. Staycurrent, ensuring critical operating system updates are applied regularly;ensure database server software is regularly updated independently andwhere feasible
Known vulnerabilities
enable automatic updates.
Securing your data requires one to think beyond just the immediatescope of the database server in order to ensure data securitycontinuity.
The management of data security is a process requiring continualreview. After all, can you afford not to ensure the safety of yourdata?
WE DELIVER CUSTOM SOFTWARE SOLUTIONS AND SERVICES TO OWNERS ANDOPERATORS OF REAL ESTATE
WWW.OPENBOXSOFTWARE.COM
Click here to discuss your requirements in more details
ReferenceCherry, Denny. (2012) Securing SQL Server: Protecting
your Database from Attackers, 2nd edition
By Craig Rynhoud
