Even small businesses can take security steps

Locks, alarms and cameras can help guard your facilities and equipment. But what about your computer databases? They are the places where valuable, sensitive and potentially irreplaceable assets of your business are stored.

It is easy to assume that Internet firewalls and PC passwords are enough to prevent unauthorized access. That's not necessarily the case, according to Fredric Paul, publisher and editor-in-chief ofhttp://www.bMighty.com, an online resource that specializes in IT needs of small and medium businesses. Database breaches from both external and internal sources are increasing and cause for serious concern.

''Small businesses face a higher risk because they usually lack the IT security infrastructures and expertise of larger, but no less vulnerable, corporations,'' Paul pointed out. ''Because small businesses also lack the resources and expertise to detect and respond quickly to a breach, the consequences are greater as well.''

Here are some steps to keep your small-business database as safe as possible:

- Enable security capabilities: Many off-the-shelf databases have only limited default security controls. Make sure that all authentication controls are enabled. Avoid using common passwords for user and administrative accounts.

- Give the database a security checkup: Before entering any data, make sure no unwanted or unnecessary sharing features are activated by default. Check the software developer's Web site every few months to ensure that your version is up to date with all the latest security patches.

- Restrict database access: Even if you have a small, trusted staff, access to the database should be limited to a need-to-know basis. This will prevent passwords and other important information from being misused or unintentionally shared. It also provides an extra measure of safety in the event today's colleague becomes tomorrow's competitor.

- Encrypt sensitive data elements: Examine all the data elements in your database to determine whether any are extraordinarily critical. Would disclosure to the public or your competitors cause you to lose customers or put you out of business via lawsuits (for example, all the recent reports of credit-card numbers and Social Security numbers stolen by hackers)? Encrypt this data within your live database so that it would be valueless if your entire live database is hacked into and copied. Don't naively think it can't happen!

- Make regular backups: Depending on the size and extent of your small-business databases, backups should be made on a monthly, weekly or even daily basis. The data should be stored in encrypted format to further minimize its value to a data thief. Backups should also be kept at a secure, off-site location in case your normal place of business becomes inaccessible because of weather, fire or natural disaster.

- Keep track of trends: Even if you don't consider yourself a computer whiz, guarding IT resources is easier when you take a proactive approach.