If the administrator is not on top of things, there will be a high risk of unintentional threats caused by inadequate operating system security and poor backup techniques. Poor network security increases the risk of intentional threats, particularly if files are shared over the web, or on a wireless network without security built in.

Risks are also introduced if shared files are accessed from file servers instead of using the built-in network sharing. Employees can make inappropriate copies of the files, and can introduce accidental or intentional record locking. You will face potential corruption issues when files are shared by inappropriate means or by not  following the correct protocols.

If there is poor physical security in the office or whilst travelling or working at home, the computers/laptops/PDAs can be stolen and mined for data.

And of course, the more sensitive or proprietary the data, the more likely you are to be vulnerable to attack, simply by virtue of the fact that what you have is worth stealing.

By taking the appropriate steps at the outset when getting your database set up, you will be able to ensure a safe a fully functional database system.

If you already have a database system in place, but feel it needs improvement, assess your risks and threats, and what you can do about plugging the holes quickly and effectively.

In our next series of articles on database security, we will give you a top 10 list of things you can do to protect your data.

Also be aware of your own company’s particular security issues and challenges.

Each workplace is different, so some will have more risk to the database than others.

For instance, one set of workplace variables might involve inexperienced data entry staff, a high turnover of staff, and many new computer users. In these circumstances, it is easy to see the type of risk and level of risk involved. Your security would clearly have to contend with the high risk of unintentional threats caused mainly by data entry mistakes, poor backup techniques, and lack of familiarity with the program in particular, or computers in general (I’ve been on the internet for over a dozen years now, and am STILL amazed by the number of people who don’t know how to copy and paste!)

An inexperienced database designer and/or administrator will lead to a high risk of unintentional threats caused by employees having inappropriate file and database feature access settings.

Employees may introduce unintentional threats by sharing files without taking proper security measures.  Data is exposed if their accounts and privileges are not configured correctly to protect the files adequately. They might not build back up and redundancy into the system.  They might not know enough, or attempt to take short cuts with security.

In this case, you would want to set different levels of access, so that, for example, only one or two people have full access. Everyone else will be gradated down from their according to their job, function, and how essential it is that they access the information in the database, both from their work computer and even their home one.

Planning security
Most of the ready to use databases will have built-in security features such as setting up individual accounts, and privilege sets for each of these accounts. If you are thinking of buying a database program, do your research to find one that offers good security with ease of use.

Security is important, of course, but leave some wiggle room as well for individual circumstances, for example, the executive who has to work from home a couple of days a week.
Layer security at every area of access, including locking down computers, setting accounts and privileges in the databases, restricting access to directories, and taking other steps to protect the data.
Make sure you have a frequent and regular update schedule, with a way to restore data if it is inadvertently destroyed or is hacked and tampered with.
Continually evaluate your security to make sure it is protecting your data. This includes verifying that users have the latest, most secure software versions, changing passwords on a regular and ongoing basis, evaluating log files to avoid surprises, and rigorously following a back-up scheme. This all involves work, but you can’t afford to be complacent.
Configure and test security options as you add data to your files over time.

It is important to note that small businesses and larger workgroups may face the same threats, especially on the Internet. Employees in small businesses and home offices may assume they are safe because they have a low profile, but this is no longer true.

Hackers use automated tools to detect and break into vulnerable systems. If you install a simple firewall by Zone Alarm, you will be amazed at how many times you will be poked in just a short amount of time.

A great number of these hackers are looking for passwords, information that will help them with identity theft, and so on. The value of the data will usually determine the time and resources a hacker will invest in attempting to crack a system.
Often the goal of the attack is just to find a system that can be used to confuse the trail involved with attacking another target. So in other words, your computer might be just one stepping stone in a trail of devastation.

Small businesses are generally easier to get access to than larger organizations because they often lack good perimeter defenses (for example, firewalls maintained by experienced network administration staff).

In many cases, home run and small businesses have valuable assets (and underestimate the value of those assets until they have been tampered with!) and don’t have baseline security standards for their computer systems (for example, if all computers aren’t using the most secure operating system versions, the best browser editions, or people on the network are  not regulated in terms of what they download from the internet).

Outside intruders frequently want access to the data of a workgroup or small business. Occasionally their goal is to disable the system, but it’s more common to attempt to gain access to sensitive information, such as credit card numbers or identification information like passwords, and birth dates.

Intruders are assumed to be located far away from the workgroup, and likely to have little direct knowledge of the system. They use automated scripts to locate systems that have well-known weaknesses. Only a modest amount of security is needed to convince them not to waste their time, and go after another target.

Potential threats to your data security
You need to protect your data and database design from both unintentional and intentional changes.

Someone might try to copy aspects of your design, look at the data entered by your users, damage the system (perhaps by using someone else’s user ID).

They might try to enter false data, ruin your reports and layouts, corrupt calculations, or break scripts. They can also write bad code, plant worms or Trojan horses, or put in malware or spyware depending on what platform or server you are using.

The most common threats to your data include:
• Unintentional threats from known parties, and accidents. Authorized users can inadvertently make mistakes, see data they shouldn’t see, delete or change records that they shouldn’t have access to, and delete or damage files so that the system becomes unavailable to the rest of the users. Or, a badly set up database, or one not granted enough licenses on a network, for example, might block others from accessing it until they log out.
• Intentional threats from known parties. Consider hackers who will benefit from accessing data that they shouldn’t see, who might falsify data, or intentionally try to damage the data maliciously in order to destroy it or mislead you.
• Uninvited intruders or threats from anonymous parties. Mostly, these are Internet-based threats from intruders with anonymous access who attempt to steal information, cause damage, or make web systems unavailable. These cybervandals and hackers can cause a great deal of damage if you don’t think about security from the outset and leave yourself vulnerable.