Security Tips, Uncategorized

5 tips for keeping your database secure 0 1466

Avatar
Secure database

5 tips for keeping your database secure

Of all East African countries, Kenya has the highest recorded monetary loss from cyber crime totaling $171 million last year. When it comes to database protection, there are steps and procedures that can be taken internally to minimize the risk of cyber crime. Over and above strong passwords, backing up data and using security applications, there are a number of additional precautions that can be taken.

Here are 5 key tips for keeping databases secure

  1. Control access to the database

Give access only to those who really need it and then limit their permissions and privileges.

THE MORE YOU LIMIT PERMISSIONS AND PRIVILEGES, THE BETTER

In addition to basic system permissions, you should also consider:

  • Limiting access to sensitive data for both users and procedures—in other words, only authorizing certain users and procedures to make queries relating to sensitive information.
  • Limiting the use of key procedures to specific users only.
  • Whenever possible, avoid simultaneous use and access outside normal or office hours.

It is also recommended to disable all services and procedures that are not in use, in order to prevent them from being attacked. In addition, whenever possible, the database should be located on a server that is not directly accessible from the internet, to avoid information being exposed to remote attackers.

  1. Identify sensitive and critical data

The first step, before considering protection techniques and tools, is to analyze and identify what important information must be protected. To do so, it is important to understand the logic and architecture of the database, to make it easier to determine where and how sensitive data will be stored.

Not all of the data we store is critical or needs protection, so it makes no sense to spend time and resources on this type of information.

We also recommend keeping an inventory of the company databases, being sure to take all departments into account. The only way to effectively administrate and avoid losing information is to know about all of the company’s instances and databases and keep a record of them.

What’s more, an inventory is particularly useful when doing an information backup, to avoid leaving critical data out of the scheme.

  1. Encrypt information

Once the sensitive and confidential data have been identified, it is good practice to use robust algorithms to encrypt that data.

When an attacker exploits a vulnerability and gains access to a server or system, the first thing they will try to steal is the databases. These are a valuable treasure, as they usually contain many gigabytes of valuable information; the best way to protect a database is to make it illegible to any person who accesses it without authorization.

  1. Anonymize non-productive databases

Many companies invest time and resources in protecting their productive databases, but when developing a project or creating a test environment, they simply make a copy of the original database and start to use it in environments that are much less tightly controlled, thus exposing all the sensitive information.

Masking, or anonymization, is a process through which a similar version is created, maintaining the same structure as the original but modifying the sensitive data so that it remains protected. With this technique, values are changed while maintaining the format.

The data can be changed in different ways: mixing it together, encrypting it, mixing up the characters or substituting words. The specific method used and the rules and formats that need to be respected will be up to the administrator, but whatever method is used, it must ensure that the process is irreversible; that is, no amount of reverse engineering will enable anyone to obtain the original data again.

This technique is especially used – and recommended – for databases that are part of a testing and development environment, because it allows you to preserve the logical structure of the data while ensuring that sensitive client information is not available outside the production environment.

  1. Monitor your database activity

Being aware of auditing and recording actions and data movement means that you know what information has been handled, when and how, and by whom. Having a complete history of transactions allows you to understand data access and modification patterns and thus avoid information leaks, control fraudulent changes and detect suspicious activity in real time.

Remember to follow these tips and be very careful when managing and protecting your databases. The information they hold is very valuable to the company and a very attractive prize for attackers, so it definitely deserves your full attention.

Previous ArticleNext Article

Cyber-attack risks for companies with employee origins 0 974

Avatar

As part of the initial security relationships we build with new clients, ESET surveys management and responsible employees about what they view as their biggest security challenges. Responses at many large businesses identified the bad security behavior of their employees as one of the biggest security challenges. It is paradoxical that although companies realize that raising security awareness among personnel would increase their organization’s security, by in large they do not invest enough resources into this.

For the purpose of increasing physical security and safety within a company, in many cases employees must attend mandatory training on workplace and process safety, as well as health and fire protection as part of the onboarding process. However, these days a company can not only be put out of operation by a fire, but also via a successful cyber-attack or an angry employee deliberately compromising security. Another very common case is lack of security-mindedness by employees, who might carelessly click on strange attachments or access insecure websites in an effort to solve either personal or work-related queries. Therefore, it is in the interest of employers to raise awareness among all employees about responsible behavior on the network, to support ongoing training and/or e-learning as well as to monitor both access rights and abrupt changes in usage behavior.

Businesses should focus on education along with directives

Companies should implement certain rules of proper internet and network usage. These rules should include what not to click or download, who to consult regarding suspicious mails, and what to do if an employee suspects that something bad has already happened. All this information can be incorporated into a company’s internal directives, which would allow the company to discipline an employee who violates the security directives repeatedly.

However, the directives should go hand in hand with internal education. “Giving a new employee 250 directives to read is not the right way to go. Invariably very few employees ever really read them. It is, therefore, good to educate employees proactively and then assess what they have learned,” says Michal Jankech, the Principal Product Manager at ESET, outlining a more effective way to increase security awareness among personnel.

“Among our customers are companies that invest a lot into IT security training. As a result, every employee knows how to act in specific situations, such as when they see a colleague accessing insecure websites, or when they find a USB key lying in the corridor or sensitive documents left at the printer, and the like. This significantly contributes to the overall security of the company,” explains Jankech.

It may be difficult to recognize a suspicious email

When educating employees on IT security and creating directives, it is important to realize that employees may behave in an unsafe way either intentionally or unintentionally. Bad security behavior can be unintentional when, for instance, an employee is unable to assess whether an email is suspicious or is unaware of what a suspicious link looks like. Attackers often use sophisticated techniques and know-how to make malicious emails look trustworthy – for instance, they may include a link to a fake website of the bank or the company where the employee works. In this case, it is necessary to assess links, validation, and certificates. Of course, that is something an ordinary employee without training would not do.

The unintentional bad security behavior of employees can be further divided into malicious and harm                               less behavior. For example, if an employee decides to use the Internet for personal purposes and legally buys a movie and downloads it in the corporate network, this can be considered poor security behavior, but is likely unintentional and harmless.

Companies can be held legally responsible for illegally shared content

The situation is completely different when an employee downloads pirated movies or music on the corporate network. In this case, the company may be pursued by the copyright owner for damages and can also receive a hefty fine. This is because in much of the world legal responsibility lies with the person/entity that signed the contract with the internet service provider. In many cases the company would be legally responsible, not the employee who downloaded pirated content at work.

Disgruntled employees can pose a threat to the company

Deliberate malicious behavior occurs when an employee purposely wishes to harm the company. For instance, an employee leaving the company on bad terms could decide to copy the customer database and take it out of the company. Alternatively, a resentful employee could intentionally infect the company’s network or damage its data.

Comprehensive coverage and visibility

ESET’s security software allows the option to block the transfer of data out of the company on portable media. For instance, the company can determine which employees are allowed to copy data from corporate devices onto USB keys or it can allow data transfer only for specific USB keys that have their content encrypted by ESET Endpoint Encryption. Using ESET Endpoint Security, the company can block access to specific types of websites; for example, websites where employees could upload business data or low-reputation websites that could potentially be a source of malware infection. Data from all these security solutions is made available to IT administrators in a clear, organized form in ESET Security Management Center (ESMC). Thus, IT security within the company not only gain a good overview of what is going on in the corporate network, but they are also be able to solve security incidents in a single click within ESMC.

Try ESMC our powerful security management dashboard

ESET Security Management Center is included with all ESET Enterprise-Grade Solutions.

Network security solutions’ value proposition to be found in improved insights 0 948

Avatar

The work of a large company’s IT security experts consists of safeguarding the network, the business infrastructure and devices, and all the data processed by the company.

For example, if a business has 10,000 employees, each may use a laptop and/or a desktop, as well as a mobile device and will connect to a server. As such, the total number of devices utilized at an enterprise may be enormous. Alternatively, another company may have a small management cadre of 100, and 10,000 employees involved in production, retaining a relatively low number of endpoint devices, but numerous servers, a production line with its own operating system, and a number of Internet of Things (IoT) devices. These may be used to monitor product distribution or production, for example to monitor dairy cows and the tracking of cattle. 

In both cases, the devices used are connected to a corporate network, and as such, IT security experts understand that maintaining protection for all of these devices, the corporate network and stored data is very complicated. They also concede that company security is at risk of being breached, either via a mistake, the negligence of an employee, or due to some form of cyber-attack.

Industry consensus shows that it takes about 150-200 days before companies discover that cyberattackers have impacted their businesses in some way. Such a discovery is followed by an investigation into how malicious code entered the company’s network and what damage it has caused. It may be the case that a company never gets answers to these questions.

When less is more
In many cases ESET has encountered companies simultaneously running a large number of agents up to  an incredible 15 to 17 on their network and devices in an attempt to achieve maximum coverage. However, the utilization of a large number of agents, often sometimes from different vendors, creates an environment where they do not play well together. This can have a significant negative impact on system performance, security, and the workload of IT staff who are tasked with managing it all.

As a consequence of this complexity, companies have been experiencing increased pressure on their IT security resources, higher costs and increased risk exposure. Under such conditions they (usually) try to evolve towards reducing the number of agents by choosing platforms where multiple agents can be managed from a single dashboard.

To better meet this need ESET has continued to adapt solutions like ESET Remote Administrator, which was originally designed for the remote management of endpoint device security. Increasing market demand for deeper insight and further security capability has helped give rise to a new product: ESET Security Management Center (ESMC). The new name better reflects the actual functionality of the console.

This solution consolidates the management of a number of powerful technologies into a single dashboard that can increase visibility into the state of the system. This includes, cloud sandbox and also covers ESET Endpoint protection platform for endpoint devices with a wide range of detection technologies, from UEFI protection to ransomware shield.

ESMC is able to provide an administrator with a lot of information on the hardware of individual computers, such as device type, manufacturer, model, serial number, processor, RAM, and disc space. It also monitors all installed software and version numbers, providing the companies deploying the solution comprehensive and clear insight into all devices, hardware, software, and potential security incidents.