You should have a security policy. That’s it, that’s the tweet. Every business or product should have a security policy. There’s lots of [good resources] on how to make one, but any policy you make needs to secure the bare minimum:
- What data do we collect and how much security does it require (credit card info needs lots of security, favourite power ranger, not so much)
- Where do we keep our data and how difficult is it to access?
- Who has access to what parts of the system?
- What do we expose to the outside and through what channels do we expose it?
#database #database security #small teams #security checklist