Information theft is the most profitable crime in the world today, as well as the one posing the least risk to the criminal. In most instances, breaches are not done by mysterious genius hackers in Eastern Europe, but by insiders who have been given the keys to the kingdom as part of their jobs, while their other job is working for a syndicate. 
With 75% of all information security breaches in corporations being against the company’s databases, users must ask why more companies are not taking effective action to protect their most valuable assets: their information.
“If a stranger walked into your business and asked for the database administrator’s password, would you give it to him? The answer, one hopes is no,” says Hedley Hurwitz, MD of Magix Integration.
“That being the case, if you hire that stranger to look after your databases today and he starts work tomorrow, one of the first things he receives is the password and access to all your data.”
Hurwitz adds that corporate file servers are even more poorly protected and even more at risk than databases. The data on files servers is completely unstructured, yet contains a variety of files, from spreadsheets to statements, business plans and payment data.
Protecting data, whether unstructured or structured (database) requires specific tools and knowledge, as well as insight into the processes with which legitimate users access and use the data.
“When you know what legitimate access looks like, it will be easier to implement monitoring solutions that identify abnormal activities for further investigation,” adds Hurwitz. “Monitoring solutions will also identify legitimate transactions that cross normal boundaries so that they can be verified before they are approved.”
Hurwitz adds that there are four common mistakes companies make when seeking to secure their data:
* Not evaluating all their options and choosing something that seems simple. There are many solutions purporting to secure your data, not all are as effective. Database administrators and IT managers need to ensure they know what their business requires, examine all the options available before selecting one best suited to their needs.
* Not monitoring access to the servers hosting databases. It’s not only access to the data itself that is important, but also to the hardware, like the servers that needs to be secured. It’s no good allowing attackers into the server in the hopes that they won’t get to data.
* Making database administrators responsible for data monitoring. Database administrators are experts at making the database perform optimally, they are not security experts.
* Choosing the cheapest option. Users get what they pay for. This does not mean they have to opt for the most expensive solution on the market, but choose the one that meets their needs.
Securing data effectively requires a multi-faceted approach incorporating tools, knowledge and constant user activity monitoring. The combination of these does not need to break the bank, but can prevent data loss from breaking the business.