Keeping FileMaker Secure

FileMaker is an incredibly powerful tool for managing relational databases. Of course, the nature of this platform means a variety of sensitive material may be stored on these databases. From employee social security numbers to clients’ banking info to company finances, it’s crucial to ensure this data is safe and secure.

Below are some easy-to-implement but powerful best practices every company using FileMaker should utilize.

1. Implement User Authentication and Access Controls

One of the fundamental principles of database security – and digital security in general – is controlling who has access to your data. FileMaker provides robust user authentication features that allow you to control access at multiple levels. Utilize privilege sets to define different levels of access for various user roles within your organization. Implement strong password policies (including requirements for complexity and regular password changes) to enhance security.

2. Use Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) is the wave of the future and now is the time to embrace it. 2FA is the practice of requiring two forms of identification to log in. Typically, this is a standard password plus either an email with a unique code or an authenticator application that generates a one-time password (OTP). Google, Azure, Apple ID, and AWS all offer 2FA systems; some businesses choose to utilize a custom authority setup.

3. Encrypt Data at Rest and in Transit

Encryption is essential for protecting your data from unauthorized access, both at rest and in transit. FileMaker supports encryption of data at rest using industry-standard encryption algorithms. Ensure that encryption is enabled for your databases to prevent unauthorized access to sensitive information. Additionally, use SSL/TLS encryption to secure data transmission between FileMaker clients and servers, especially when accessing databases over the internet.

4. Regularly Update FileMaker Software

Keeping your FileMaker software up to date is crucial for staying protected against security vulnerabilities and exploits. FileMaker regularly releases updates and patches to address security issues and improve overall system stability. Make it a priority to install these updates promptly to ensure that your databases are protected against known security threats.

5. Utilize FileMaker Server for Centralized Management and Security

FileMaker Server offers centralized management capabilities that streamline database administration and enhance security. By hosting your databases on FileMaker Server, you can take advantage of features like scheduled backups, automated updates, and enhanced user authentication options. FileMaker Server also provides additional layers of security, such as SSL encryption and external authentication options, to further protect your data.

6. Audit Trail and Logging

Maintaining an audit trail of database activities and logging access attempts is essential for detecting and investigating security incidents. FileMaker allows you to enable logging options to track changes to your databases, including modifications to records and access attempts by users. Regularly review audit logs to identify any suspicious activity and take appropriate action to mitigate potential security risks.

7. Secure FileMaker WebDirect Deployments

If you’re using FileMaker WebDirect to provide web access to your databases, it’s essential to ensure that your deployments are secure. Follow best practices for web server security, such as configuring firewalls, implementing SSL encryption, and regularly updating server software. Limit access to sensitive databases by implementing authentication mechanisms and access controls to prevent unauthorized access.

8. Educate Users on Security Best Practices

Finally, educating users on security best practices is critical for maintaining a secure FileMaker environment. The best security features can be rendered useless by a user carelessly sharing passwords, not following best practices, or even sharing confidential information in a phishing attempt.

Train your users to create strong passwords, recognize phishing attempts, and follow proper data handling procedures. Encourage users to report any suspicious activity or security incidents promptly.

Securing your FileMaker databases requires a combination of robust security features, regular maintenance, and user education. By implementing these best practices and staying informed about the latest security features, you can effectively protect your data from cyber threats and ensure the integrity and confidentiality of your FileMaker databases.

Of course, you can always reach out to Kyo Logic here with questions on security and how to improve. We’d be happy to help you evaluate current systems, identify opportunities, and provide you with the next steps to ensure security and compliance. We can even get a suitable training platform in place for your employees.

Are Your System Backups Any Good?

In an information age of cloud storage and remote collaboration, we tend to take our access to data for granted. Unfortunately, that level of accessibility is exactly what leaves businesses prone to issues – system failures, phishing and malware, and physical damage can cause sudden and catastrophic problems for companies that do any degree of business online.

Data backed up in the cloud isn’t necessarily safe, and some backup methods are more secure than others. It’s important to understand what constitutes a “good” backup system, how to proactively protect your data, and what to do if your backups fall short.

Let’s start with a sobering reality: having backups stored haphazardly or accessible to malicious actors is akin to locking your front door but leaving the windows wide open. While it may give you a false sense of security, it’s not enough to thwart determined threats. Whether it’s multiple backups stored in one physical location or backups susceptible to phishing attacks and malware infiltration, the risks are manifold.

What Threatens Backed Up Data?

Bad agents – that is, anyone looking to steal or corrupt your data – have a variety of tactics to get into your system. “Phishing” is the act of attempting to get sensitive data simply by asking for it. Hackers will often impersonate other employees or vendor representatives and request login or payment info. With the right login info, these hackers can easily access your data – no brute forcing or technical expertise is necessary to gain entry. Of course, this puts your data at risk of deletion, theft, and corruption.

“Malware,” meanwhile, is software used to manipulate or damage computer systems. It could be a program that simply renders a computer useless. It could also damage entire networks of computers. Businesses backing their data up across a series of virtual machines could see malware corrupt all that valuable data nearly instantaneously.

Of course, employees wouldn’t purposefully choose to download or run malware. That’s why malware is often used in tandem with phishing – seemingly innocuous emails are sent with the intention of getting employees to click on links or run this software.

While we often think of the digital threats, there are also much simpler issues that could render your data useless. Flooding, fires, and storm damage could completely destroy physical servers. While it’s impossible to predict or fully protect against natural disasters, backing your data up across physical (and digital) locations will ensure these problems don’t wipe out everything.

What is a GOOD Backup Strategy?

So, what constitutes a “good” backup strategy? First and foremost, redundancy is key. Backups should be stored in multiple locations – both onsite and offsite – to mitigate the risk of a single point of failure. Cloud-based backups offer an extra layer of security, ensuring your data remains accessible even if your physical systems are compromised. Regular testing of backups is also essential to identify and address any vulnerabilities before disaster strikes.
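One way to check the redundancy described above on a schedule, as an added example that is not part of the original article: it compares each backup copy against a SHA-256 digest recorded when the backup was made and requires a minimum number of intact, recent copies. The location names, the file name `Sales_backup.fmp12`, the 24-hour freshness limit and the two-copy minimum are assumptions, and the sample files are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large backups do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_backup_copies(expected_sha256, copies, max_age_hours=24,
                        min_good=2, now=None):
    """copies maps a location name to a file path.

    Returns (ok, report): report gives each location one of
    "missing", "stale", "corrupt" or "ok"; ok is True only when at
    least min_good locations hold an intact, recent copy.
    """
    now = time.time() if now is None else now
    report = {}
    for location, path in copies.items():
        path = Path(path)
        if not path.is_file():
            report[location] = "missing"
        elif now - path.stat().st_mtime > max_age_hours * 3600:
            report[location] = "stale"
        elif sha256_file(path) != expected_sha256:
            report[location] = "corrupt"
        else:
            report[location] = "ok"
    good = sum(1 for status in report.values() if status == "ok")
    return good >= min_good, report


def demo():
    """Constructed sample: four locations, only one of them healthy."""
    with tempfile.TemporaryDirectory() as root:
        data = b"constructed sample backup contents\n" * 1000
        digest = hashlib.sha256(data).hexdigest()  # recorded at backup time
        copies = {}
        for name in ("onsite", "offsite", "cloud_sync"):
            Path(root, name).mkdir()
            copies[name] = Path(root, name, "Sales_backup.fmp12")
            copies[name].write_bytes(data)
        copies["cloud_sync"].write_bytes(data[:-1] + b"X")  # silent corruption
        old = time.time() - 72 * 3600
        os.utime(copies["onsite"], (old, old))  # copy that stopped updating
        copies["tape"] = Path(root, "tape", "Sales_backup.fmp12")  # never written
        return check_backup_copies(digest, copies)
```

A matching hash shows a copy is intact, not that it restores cleanly, so a periodic restore test is still needed alongside this check.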

Despite your best efforts, there may come a time when your backups are rendered useless. Perhaps they’ve fallen victim to a sophisticated cyberattack or succumbed to the forces of nature. In such scenarios, having a contingency plan is paramount. Whether it’s leveraging data recovery services or rebuilding your systems from scratch, swift and decisive action can mean the difference between a minor inconvenience and a full-blown catastrophe.

Having backups is non-negotiable in today’s digital landscape. However, simply having backups is not enough – they must be robust, redundant, and resilient to withstand the myriad threats lurking in the shadows. By following best practices, staying vigilant against emerging threats, and having a solid contingency plan in place, you can ensure that your backups are more than just a safety net – they’re a lifeline in times of crisis.