Database security is all part of a bigger security picture, and it would be remiss of me not to mention some of the other issues that can have some influence on database security. To help you classify those risks, I have divided the list into computer issues and people-specific issues. I will leave it to you, the reader, to prioritize these issues.
Following is a very brief overview of some of the more important technological issues that are relevant to the readers of this book.
Protecting your computers against a bombardment of Internet-related threats requires constantly updating the programs discussed in this book: Microsoft Windows, Office, and, to a lesser extent, Access. To manage this course of action, Microsoft is putting considerable resources into technology that can deliver the latest Windows and Office security patches. In the "Further Reading" section at the end of the chapter, you will find links that explain how to keep your computer updated. To get information that's even better than that, though, head to http://www.microsoft.com, and you will find that the update links are very prominent on the site.
Make sure that your company protects all its computers with antivirus software and antivirus signatures that are fully up to date. You should also consider anti-spyware software to test for programs that try to track user activities.
As very potent viruses like Blaster and SoBig have taught us, all corporate networks require the protection of corporate firewalls and all laptops require personal firewall protection.
Tip: You can deny specific computers on your network any access to your computer by using a personal firewall product like ZoneAlarm. To deny access, make sure that the IP address of that computer is not included in the trusted IP addresses, which gives you a simple but effective way to stop some people from sharing your computer.
Laptops are a lot easier to steal, break, or lose than normal computers, and thus, maintaining their security is more of an issue. Be wary of laptop computers that have important databases or copies of important databases.
Make sure that all computers that have valuable databases on them are fully backed up. Make sure that you test recovery on a regular basis.
The security of your buildings is important. Naturally, some of these tools will keep thieves away from the premises and your computers: locks, safes, vaults, lighting, alarms, cards, codes, and biometrics.
Defragging your hard drive protects against people who might scan a stolen hard drive for deleted but valuable data. The good thing about defragmenting is that it will speed up your computer as part of the process.
All the following issues probably need to be supported by corporate policies that are regularly brought to the attention of staff via documentation and training.
With more and more employees telecommuting from home, you need to be aware of what is happening with your databases. If taking a copy of the database home is inappropriate, your staff need to be aware of your preference.
Explain to your staff the importance of password selection and protection and explain why passwords are important in the first place. If passwords are passed on to other users, their usefulness is greatly diminished.
The Internet and email are standard in today's workplace, making inappropriate use of the Internet a bigger concern than ever before. Naturally, you need to ensure that staff understand the company guidelines for Web surfing.
Staff need to understand what is and isn't appropriate for transferring via email. Naturally, companies may want to advise against transferring databases by email to an outside organization.
Installing unauthorized software on company computers is something that should be discouraged because it may infringe software licenses or introduce viruses and spyware.
Occasional discussions with your staff about security will help instill in them a reason to be on the lookout for security issues. If a member of your staff raises a security issue, be sure to follow it up because doing so will encourage them to keep improving security.
Even though it should be obvious to most staff, you should consider making it clear via appropriate documentation that certain databases and files should remain on-site.