Here is a thing most boards do not know about their own systems. The database files that hold your customers' data are very often sitting on disk completely unencrypted. Not unencrypted in transit; almost everyone has TLS for that. Unencrypted at rest, on the actual data and backup files, so that a stolen backup or a copied drive is simply a readable copy of everything. That control is frequently missing, and nobody mentions it, because nobody looked.
It is an honest gap, not a negligent one. Encryption at rest on a database is a setting deep in the platform that does not announce itself, and it has to be switched on deliberately. The application works fine without it. The website is secure. The firewall is up. And underneath, the crown jewels are in plain text, one misplaced backup file away from a notifiable breach.
The same is true of who can see what. Over the years, accounts accumulate permissions. A login created for a project in 2019 still has the keys to everything. A service account runs as full administrator because it was easier at the time. None of it shows up until someone asks, or until someone misuses it.
Would you be comfortable if a copy of your main database, taken today, fell off the back of a van? If the honest answer makes you wince, the gap is real, and it is invisible from where you sit.
These are not exotic problems. They are the quiet, default state of databases that were set up to work, not to be defended. We run a free, read-only check that surfaces exactly this, in plain English, mapped to your obligations. The risk was always there, in plain sight of anyone who knew where to look. We look.
Want to know if this is sitting in your estate? We run a read-only check and hand you a graded report in plain English.
Get your free health check