You should have a security policy. That’s it, that’s the tweet. Every business or product should have a security policy. There’s lots of [good resources] on how to make one, but any policy you make needs to secure the bare minimum:

• What data do we collect and how much security does it require (credit card info needs lots of security, favourite power ranger, not so much)
• Where do we keep our data and how difficult is it to access?
• Who has access to what parts of the system?
• What do we expose to the outside and through what channels do we expose it?

#database #database security #small teams #security checklist