Beefing up your Database Security

Why Strong Security Measures Matter

We rely more and more on data and databases to manage both our personal lives and our businesses. However, recent high-profile data breaches—such as those involving Optus and Medibank—have raised serious concerns about data security and how to secure your database. With ransom attacks on the rise, it’s no surprise that many people are now questioning how safe their data really is.

What Went Wrong at Optus and Medibank?

At Optus, the breach occurred through an unprotected API that was publicly accessible. Since it didn’t require a username or password, anyone who discovered the API’s address could connect to it without any authentication.

In contrast, the Medibank breach happened after a single user’s credentials were stolen and sold on the dark web. These credentials were then used to download millions of highly sensitive personal records.

Adsafe Takes Action on Database Security

Adsafe, one of our long-standing clients, recently reached out during a security audit to explore ways to enhance their database security. Their primary concern was the risk of password attacks. These attacks occur when hackers guess or obtain a valid login name and then use either a dictionary or brute-force method to crack the password.

Our Approach to Stronger Database Security

We have already implemented many security measures to ensure that our client’s databases are secure. We’ll explain those steps in more detail in a future post. For Adsafe we focused specifically on strengthening their login security. Here’s what we put in place:

Encrypted all passwords in the database. This means that even if a hacker got access somehow (e.g. though a SQL Injection Attack) they still could not see any passwords and it would not help them gain .
We ensure users create strong passwords, by using a password strength indicator.

Adding an Extra Layer: Two-Factor Authentication (2FA)

For clients with especially sensitive data, a strong password isn’t always enough. To really secure your database we recommend enabling Two-Factor Authentication (2FA).

How 2FA Works

When users log in for the first time, they receive a unique QR code.
They open the Google Authenticator app on their mobile device. (If they don’t have it yet, they can download it from the App Store or Google Play.)
They scan the QR code using the app.
Google Authenticator then generates a 6-digit code that updates every minute.
From then on, users must enter this code—alongside their username and password—every time they log in.

2FA is now active on Adsafe’s database and is gaining popularity among our clients. It adds a powerful layer of protection and is simple to use.

Want to Secure Your Data?

If you’re interested in learning how we can help you store your data more securely, please get in touch. We’re here to help you stay one step ahead of cyber threats.

Tips for Creating Strong Passwords

To improve your own password security, follow these simple guidelines:

Use a mix of letters, numbers, and special characters.
Include at least 10 characters in your password.
Avoid reusing passwords across different websites and apps.
Change your passwords regularly.
Steer clear of easily guessable information like names or birthdates.

Useful Links

Australian Cyber Security Centre (ACSC) – Government guidance on protecting your business and personal data.
Office of the Australian Information Commissioner (OAIC) – Learn about your privacy rights and data breach obligations.
Google Authenticator Setup Guide – Official instructions for setting up 2FA using Google Authenticator.
Stay Smart Online – Australian Government’s tips for individuals and businesses to improve online safety.
Scamwatch – Stay informed about the latest online scams and how to avoid them.