Keeping FileMaker Secure

Posted by John Mathewson on June 20, 2024

FileMaker is an incredibly powerful tool for managing relational databases. Of course, the nature of this platform means a variety of sensitive material may be stored on these databases. From employee social security numbers to client’s banking info to company finances, it’s crucial to ensure this data is safe and secure.

Below are some easy-to-implement but powerful best-practices every company using FileMaker should utilize.

1. Implement User Authentication and Access Controls

One of the fundamental principles of database security– and digital security in general– is controlling who has access to your data. FileMaker provides robust user authentication features that allow you to control access at multiple levels. Utilize privilege sets to define different levels of access for various user roles within your organization. Implement strong password policies (including requirements for complexity and regular password changes) to enhance security.

2. Use Two Factor Authentication (2FA)

Two Factor Authentication (2FA) is the wave of the future and now is the time to embrace it. 2FA is the practice of requiring two forms of identification to log in. Typically, this is a standard password plus either an email with a unique code or an authenticator application that generates a one time password (OTP). Google, Azure, Apple ID, and AWS all offer 2FA systems; some businesses choose to utilize a custom authority setup.

3. Encrypt Data at Rest and in Transit

Encryption is essential for protecting your data from unauthorized access, both at rest and in transit. FileMaker supports encryption of data at rest using industry-standard encryption algorithms. Ensure that encryption is enabled for your databases to prevent unauthorized access to sensitive information. Additionally, use SSL/TLS encryption to secure data transmission between FileMaker clients and servers, especially when accessing databases over the internet.

4. Regularly Update FileMaker Software

Keeping your FileMaker software up to date is crucial for staying protected against security vulnerabilities and exploits. FileMaker regularly releases updates and patches to address security issues and improve overall system stability. Make it a priority to install these updates promptly to ensure that your databases are protected against known security threats.

5. Utilize FileMaker Server for Centralized Management and Security

FileMaker Server offers centralized management capabilities that streamline database administration and enhance security. By hosting your databases on FileMaker Server, you can take advantage of features like scheduled backups, automated updates, and enhanced user authentication options. FileMaker Server also provides additional layers of security, such as SSL encryption and external authentication options, to further protect your data.

6. Audit Trail and Logging

Maintaining an audit trail of database activities and logging access attempts is essential for detecting and investigating security incidents. FileMaker allows you to enable logging options to track changes to your databases, including modifications to records and access attempts by users. Regularly review audit logs to identify any suspicious activity and take appropriate action to mitigate potential security risks.

7. Secure FileMaker WebDirect Deployments

If you’re using FileMaker WebDirect to provide web access to your databases, it’s essential to ensure that your deployments are secure. Follow best practices for web server security, such as configuring firewalls, implementing SSL encryption, and regularly updating server software. Limit access to sensitive databases by implementing authentication mechanisms and access controls to prevent unauthorized access.

8. Educate Users on Security Best Practices

Finally, educating users on security best practices is critical for maintaining a secure FileMaker environment. The best security features can be rendered useless by a user carelessly sharing passwords, not following best practices, or even sharing confidential information in a phishing attempt.

Train your users to create strong passwords, recognize phishing attempts, and follow proper data handling procedures. Encourage users to report any suspicious activity or security incidents promptly.

Securing your FileMaker databases requires a combination of robust security features, regular maintenance, and user education. By implementing these best practices and staying informed about the latest security features, you can effectively protect your data from cyber threats and ensure the integrity and confidentiality of your FileMaker databases.

Of course, you can always reach out to Kyo Logic here with questions on security and how to improve. We’d be happy to help you evaluate current systems, identify opportunities, and provide you with the next steps to ensure security and compliance. We can even get a suitable training platform in place for your employees.