Category: Data Security

How to Encrypt Sensitive Text in SQL Server with ENCRYPTBYPASSPHRASE

Storing sensitive information in a database, like passwords or social security numbers, is common practice. However, storing them securely is less common. Unfortunately, one of the most typical approaches is to store sensitive information in a table as clear text. That means that anyone with access to that table can see all of that sensitive…

Audit-Ready SQL Servers: The Game Plan

Audit-Ready SQL Servers: The Complete Game Plan

As an IT leader in a heavily regulated sector such as finance or healthcare, you’re no stranger to audits. They’re a critical part of ensuring compliance with regulations like the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA), the PCI Security Standards Council (PCI DSS), and the Health Insurance Portability and Accountability Act (HIPAA). Still, audits…

Reducing Business Risks for a SQL Server Estate

Your SQL Servers are the backbone of your company’s data operations. They power critical applications and store valuable information. They enable financial decisions, undergird operational activities, and support your sales processes. But what happens if there’s a problem? What happens when data is lost or corrupted? Or if one of your key systems is down…

Make data security your New Year's resolution

New Year Resolution: Recommitting to Data Security and Lessons from the Xfinity Breach

As we ring in 2024, many are reflecting on the past year and making resolutions for the future. For businesses, one resolution should stand out: recommitting to data security. The late-2023 Xfinity breach, where 36 million customers had their personal information compromised, serves as a stark reminder of the ever-present threat of cyberattacks. What happened?…

Secure Azure SQL Database

Recent Attacks on SQL Server VMs in Microsoft Azure

Poorly secured SQL Server VMs in Microsoft Azure are being attacked. And they are being used as a beachhead for additional exploits. According to a recent Microsoft warning, these attacks allow the bad actors to gain access to cloud resources without having to compromise the underlying infrastructure. How the attack works In the warning, Microsoft…

enhanced data security

5 Reasons You Should Use SQL Audit to Enhance Database Security

We know better than to click a link from the son of an unfairly deposed Nigerian Prince who needs our help. Yet, according to Deloitte’s 2023 Global Risk Management Survey, 91% of all cyberattacks begin with a phishing email. And many of them are successful. No business or industry is off limits. So, it’s important…

DB#JAMMER targets SQL Server

DB#JAMMER is Targeting Poorly Secured SQL Servers

SQL Server is being targeted again. This attack is called DB#JAMMER. And it’s targeting poorly secured SQL Servers. What’s happening? Attackers begin by brute-forcing access into poorly secured SQL Servers. Once they have gained access, the attackers use xp_cmdshell to deploy tools. They manipulate the firewall, if needed, and transfer files to and from the…

SQL Server sysadmin has the keys to the kingdom

Who Has sysadmin Access to your SQL Servers?

Phishing attacks account for more than 80% of all security incidents, according to the CSO article “Top cybersecurity facts, figures and statistics.” And the resulting data breaches cost an average of $3.92 million. With security incidents and data breaches making the news daily, it’s important to secure your networks, including your SQL Servers. That’s not…

SQL Server Security

What Takes Precedent db_datareader (GRANT) or db_denydatareader (DENY)?

If a user is a member of db_datareader, which grants access to a table, and db_denydatareader, which denies access to a table, which role will take precedence? That’s the question someone recently posted on LinkedIn in the SQL Server Administrators group. Here’s a link to the question. The LinkedIn poster essentially wanted to know…

disaster recovery in SQL Server

Where to Start with Disaster Recovery in SQL Server

Backup and restore? Log shipping? Maybe Failover Clustered Instances or Availability Groups can be used? Oh, what about Azure or another cloud provider? Some data centers offer “push button DR,” will that work? There are so many options. Where should we start with Disaster Recovery for our SQL Server? The point of Disaster Recovery Disasters…