So, you're convinced about the seriousness of database security. What can you do to ensure that your organization's database doesn't fall victim to Maxus and friends? The old adage about an ounce of protection definitely applies in this situation. Spending an hour or two tightening up the security controls on your database might nip a potentially disastrous hacker attack in the bud.
If you're running Microsoft SQL Server, the single most important task is to ensure that a strong password protects your "sa" account (and your other accounts as well!). Simply open up Enterprise Manager and drill down to the "Logins" selection of the database you're concerned with. Click on the "sa" account and you'll be presented with the screen below:
If there's no password provided (as illustrated by the red box above), your database is wide open! Any user who can reach your machine can gain full access to your databases by simply using the default login parameters. Insert a password and repeat this test for the other accounts and databases you're responsible for.
Next, take a look at the services you're running on the machine that hosts your database server. Are they all necessary? If you find extraneous services running, remove them. They're only adding unnecessary complexity to your Internet presence that could possibly introduce additional vulnerabilities to your system security.
Database security is the responsibility of every database administrator. Play it safe -- your organization's reputation is on the line.