The recent military invasion of Ukraine and resulting economic sanctions against Russia are expected to cause an increase in cyber threats such as ransomware and DDoS attacks. It is critical to stay vigilant and take necessary steps to ensure the security of your SQL Server databases. Below are a few items to review to help protect against data loss should your organization be targeted or fall victim.
- Limit highly privileged accounts – Make sure the sa login has a strong password. Ideally, this password should be rotated frequently and/or the login should be disabled. Use dedicated logins for SQL Server administration, separate from your day-to-day accounts, to reduce the damage from a successful phishing campaign. Review AD groups that may have elevated permissions. Remove or disable unused or unnecessary logins.
- Review backups – Check backup logs for failures. Storing backups on a completely separate storage system is highly recommended. Ransomware can encrypt backups that are not adequately isolated and secured, limiting your ability to recover from an infection.
- Close unnecessary open ports – Reduce your attack surface wherever possible. Especially avoid having port 1433 open to the internet. Use firewall rules to limit access to database servers to only necessary applications.
- Apply security patches – Malicious actors will probe unpatched servers for known vulnerabilities.
- Follow alerts from security agencies – The Cybersecurity & Infrastructure Security Agency (CISA) is one such source; see its Current Activity page.
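As an added example (not part of the original post), the following read-only T-SQL queries cover the "privileged accounts" and "backups" items above: the state of the sa login, trivially weak SQL login passwords, sysadmin membership, databases missing recent full backups, and where recent backups were written. The 24-hour and 7-day windows are assumptions; adjust them to your backup schedule.

```sql
-- Added example, not from the original post: read-only T-SQL checks for the
-- "privileged accounts" and "backups" items. Run as sysadmin; nothing is modified.

-- 1. The built-in sa login is always principal_id 1, even when renamed.
--    Expect is_disabled = 1, or a recent PasswordLastSetTime with policy checks on.
SELECT  p.name, p.is_disabled, l.is_policy_checked, l.is_expiration_checked,
        LOGINPROPERTY(p.name, 'PasswordLastSetTime') AS password_last_set
FROM    sys.server_principals AS p
JOIN    sys.sql_logins         AS l ON l.principal_id = p.principal_id
WHERE   p.principal_id = 1;

-- 2. SQL logins whose password is blank or equals the login name (CIS-style check).
SELECT  name
FROM    sys.sql_logins
WHERE   PWDCOMPARE(N'', password_hash) = 1
   OR   PWDCOMPARE(name, password_hash) = 1;

-- 3. Everyone in sysadmin, including Windows/AD groups that inherit it.
--    Day-to-day user accounts and unused logins should not appear here.
SELECT  m.name AS member_name, m.type_desc, m.is_disabled
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals  AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals  AS m ON m.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'
ORDER BY m.type_desc, m.name;

-- 4. Databases with no full backup in the last 24 hours (threshold is an assumption;
--    tempdb is never backed up, so it is excluded).
SELECT  d.name,
        MAX(CASE WHEN b.type = 'D' THEN b.backup_finish_date END) AS last_full_backup
FROM    sys.databases AS d
LEFT JOIN msdb.dbo.backupset AS b ON b.database_name = d.name
WHERE   d.name <> N'tempdb'
GROUP BY d.name
HAVING  MAX(CASE WHEN b.type = 'D' THEN b.backup_finish_date END) IS NULL
     OR MAX(CASE WHEN b.type = 'D' THEN b.backup_finish_date END) < DATEADD(HOUR, -24, GETDATE());

-- 5. Where last week's backups landed. A local drive letter means the backup shares
--    the host with the data it protects and is not isolated from ransomware there.
SELECT  b.database_name, b.backup_finish_date, mf.physical_device_name,
        CASE WHEN mf.physical_device_name LIKE N'\\%'  THEN 'UNC/network path'
             WHEN mf.physical_device_name LIKE N'_:\%' THEN 'local drive on SQL host'
             ELSE 'URL or device' END AS destination_kind
FROM    msdb.dbo.backupset          AS b
JOIN    msdb.dbo.backupmediafamily  AS mf ON mf.media_set_id = b.media_set_id
WHERE   b.backup_finish_date >= DATEADD(DAY, -7, GETDATE())
ORDER BY b.backup_finish_date DESC;
```

Any row returned by query 2, any unexpected member in query 3, and any database listed by query 4 is an item to act on; query 5 is the quickest way to confirm whether backups actually live on separate storage.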