It's almost a weekly news item: a data breach occurring somewhere in the world that means a large group of people suddenly needs to be concerned with identity theft. Apparently there's a comprehensive report from VISA on the top 5 causes, and most of them affect the DBAs out there.
While I'd say that developers are the ones that need to avoid storing data on a card's magnetic stripe, the other four issues are ones we can help with. And they're common sense:
- Patch your servers
- Change defaults
- Avoid SQL Injection
- Disable unnecessary services
All simple, common sense, best practice, and what should be required practices in any development project, much less one dealing with financial data.
Security is a tough business and most people don't want to deal with it. Most compromises are non-technical, meaning some human is involved in the loss of data. Usually this is through corrupt employees or social engineering. And it should stay that way.
There's no excuse for not being current on patches. Maybe not up to the minute because, after all, we need to test them, but you shouldn't be six months behind either. And you shouldn't leave default accounts, passwords, services, etc. in place unless there's no way to disable them.
Security is a process and you should be constantly working on yours.