Information
Ensure user databases are encrypted using Transparent Data Encryption (TDE). Backups of databases encrypted with TDE are automatically encrypted as well.
Rationale:
A malicious party who steals physical media like drives or backup tapes can restore or attach the database and browse its data.
One solution is to encrypt sensitive data in a database and use a certificate to protect the keys that encrypt the data. This solution prevents anyone without the keys from using the data.
Impact:
A database datafile, logfile or backup accidentally exposed to the Internet or transmitted outside a secure environment can be easily copied/restored to a SQL Server anywhere and its contents discovered.
Solution
Implement TDE encryption on each user database with sensitive data.
More info on how to do this is available here: https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption