Data protection is a critical issue today with the increasing number of data breaches and hacker attacks. The amount of sensitive data that is shared and stored online has increased exponentially in recent years, making it more important than ever to protect this data from unauthorized access and misuse.
There 4 main reasons it is important to protect data are:
To protect privacy: Personal information should be kept private to prevent identity theft and other types of fraud.
To protect sensitive information: Some types of information, such as medical records or financial data, should be protected to prevent unauthorized access or misuse.
To protect against cyber-attacks: Hackers and cybercriminals constantly try to access and exploit sensitive data. Protecting data helps prevent these attacks and the damage they can cause.
To comply with Australian regulations: – It is important for various industries to implement measures to protect data. For example, the healthcare industry must follow the Privacy Act 1988 and the My Health Records Act 2012, while the financial industry must adhere to the Payment Card Industry Data Security Standard (PCI DSS) and the Australian Privacy Principles. Failure to adequately protect data can result in fines and other penalties.
At DB Gurus, we take data security very seriously. In addition to the multi-layered approach of our hosting we have implemented several layers of protection to make sure that the client’s data is secure.
1. Database Backups – We make sure that your data is safely backed up regularly. We do daily and weekly backups in several locations. We put these redundancies in place to make sure there is no single point of failure.
2. Database Access – We make sure our client’s database can only be accessible by authorised personnel. From our end, only our most trusted and highly trained experts have access to the live database.
3. Change Control – All changes are recorded and documented via our internal database systems as well as 3rd party tools. Changes are tracked from initial client request, through analysis and coding to QA and release.
4. Source Control – All code is stored in multiple locations and checked in and out of our source control systems. Code is distributed to the relevant members of the development team to review changes and discuss at our regular team meetings.
5. Server Firewall – We operate a tight firewall on our live servers that only allows access to specific, dedicated IP addresses. Restricted access is then given to trusted staff members via a VPN, thus providing a 2-stage authentication.
6. User Access – All pages are secured with encrypted passwords and a password strength indicator encourages users to use strong passwords. Account holder passwords are always strong passwords and even the username is hard to guess.
7. User Roles – The database comes with standard roles that control what actions a user can perform. For more granular control, custom roles can be created to control actions at the table level.
8. Field Control – Fields can either be hidden/shown based off the User’s Role. Likewise, fields can be set to Read-Only based off the User’s Role.
9. Row Level Security – We utilise the proper Row Level Security to make sure that the data stays safe at all times.
10. Two factor authentication – 2FA is available to make the portal login more secure. This uses Google Authenticator.
