100% TRUE AND VERY IMPORTANT In terms of database access, risk assessments should address those who have legitimate credentials for viewing, entering, updating, or removing data from the database and those who are restricted from accessing the database or who have limited rights.
From my experience, limit the number of those with full access (1-2 people, 3 at most). Also, perform daily backups. If this data is critical, you can set timers for it to be backed up during intervals in the day. Relationship databases or databases that can be shared should only be shared for viewing.
