War story

We found an account still called sa

Adrian Sullivan

On a lot of SQL Servers there is an account called sa. It is the original master key, the one that can do anything, and its name has been the same since before some of your staff were born. Which means every attacker on earth already knows it exists and what it is called. They do not have to find the front door. They were handed the address at birth.

Best practice, for twenty years, has been to disable it or rename it, and use named accounts you can actually track. Simple. Free. Takes a minute.

We still find it, enabled, named sa, with a weak password, on production servers holding real data. Not because anyone decided to leave it. Because nobody decided to change it, and the server never complained, so it sat there, a default nobody revisited, quietly being the easiest target in the building.

One we found had the same sa password across the entire estate. Guess one, own all of them. It had been like that for years. No breach, no incident, no harm done, which is exactly why it survived. The absence of a disaster is not the same as safety. It is just a disaster that has not happened yet.

We fixed it in an afternoon, the way these things usually go. The hard part was never the fix. It was that nobody had looked, because everything was fine.

If you want to know what your servers are quietly leaving open, we will check, for free, read-only, and tell you straight. The server has been telling you the whole time. Most people just never ask it.
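The read-only check and the rename-and-disable fix described above, as an added T-SQL example that is not from the original post; it assumes you are connected with sysadmin rights, and the new login name [svc_dba_placeholder] is a placeholder to replace with your own:

```sql
-- Added example (not from the original post): a read-only audit of the sa
-- login on one SQL Server instance, followed by the two-line fix.
-- Assumes sysadmin rights; [svc_dba_placeholder] is a placeholder name.

-- 1. Read-only check. sa always carries sid 0x01 (and principal_id 1), so
--    this finds it even if someone renamed it. Nothing here changes the server.
SELECT
    p.name                                        AS login_name,
    CASE WHEN p.name = 'sa' THEN 'default name, never renamed'
         ELSE 'renamed' END                       AS name_status,
    CASE WHEN l.is_disabled = 1 THEN 'disabled'
         ELSE 'ENABLED' END                       AS state,
    l.is_policy_checked,      -- 0 = Windows password policy not enforced
    l.is_expiration_checked,  -- 0 = password never expires
    -- PWDCOMPARE tests a candidate against the stored hash; 1 = blank password
    PWDCOMPARE('', l.password_hash)               AS has_blank_password,
    LOGINPROPERTY(p.name, 'PasswordLastSetTime')  AS password_last_set,
    l.modify_date
FROM sys.server_principals AS p
JOIN sys.sql_logins        AS l ON l.principal_id = p.principal_id
WHERE p.sid = 0x01;

-- 2. The fix the post describes: rename it, then disable it. Do this only
--    after confirming no job, service or application still connects as sa,
--    otherwise you find out when they break.
ALTER LOGIN [sa] WITH NAME = [svc_dba_placeholder];
ALTER LOGIN [svc_dba_placeholder] DISABLE;

-- 3. Re-run step 1: name_status should read 'renamed' and state 'disabled'.
--    Because the query keys on sid 0x01 it still finds the login after the rename.
```

Run step 1 on every instance in the estate; a row reading 'default name, never renamed' and 'ENABLED' is the situation the post describes.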

Free health check

Want to know if this is sitting in your estate? We run a read-only check and hand you a graded report in plain English.

