5 ERP Security Concerns You May Have Overlooked

PostedOn: 2017-06-15 11:35:55

The open-office floor plan (both loved and loathed) is a craze that swept corporate America in the past several years, eliminating walls and cubicles in favor of a communal environment. The idea is to increase collaboration and decrease hierarchy, but no matter how open an office became, there were always a few functions that remained behind closed doors  the back office. 

Back office functions have a greater need than anyone else in the office to keep privacy top of mind. And with more and more businesses rotating to enterprise resource planning (ERP) software to automate day-to-day business activities such as HR, accounting, business intelligence, and supply chain, it’s never been more important to ensure the strongest security measures are in place. 

The Good and Bad of ERP and Data Security

ERP both eliminates some security concerns and presents others. On one hand, moving back office functions to a digital system helps prevent the human errors that are likely to occur with antiquated, offline systems. 

The consolidation of all data into one comprehensive solution can make security easier  it’s just one system to monitor and control access to. But the same consolidation that makes ERP more secure and efficient can be its greatest risk if security isn’t properly considered. With all data in one place, it’s critical that you don’t overlook any security concerns in your ERP. One mistake can put all of that data at risk. 

To ensure you’re taking advantage of all the benefits of ERP, consider and address these five commonly overlooked ERP security concerns. 

1. Weak Passwords

ERP eliminates many back office silos by creating a single solution. This is excellent for efficiencies in terms of time and cost, but also presents a risk. With several functions having access to the solution, you’ll have more users than ever logging in. To keep your ERP secure, ensure users have passwords that are generated to be very secure versus personally created passwords. Research shows that strong passwords are even more important than changing passwords at regular intervals  a relief for those of us who’ve run out of numbers to increment on our favorite password.

2.  Unrestricted Data

Again, many users in one system creates the potential for say, a sales person logging in to view client contact data to access data from HR’s personnel records. Quality ERP systems will make it simple to restrict access to data on a case-by-case basis. It’s important to take advantage of those measures, check-in with your access list regularly, and ensure data is only available to those who need to use it. You should also have an off boarding plan in place to remove access for those who change roles or leave your company. 

3. Outside Reporting

Much of that restricted data can and will be shared in some capacity with internal or external team members who don’t have access to your ERP system. It’s useful at everything from client check-ins to team-wide town halls. However, when ERP users take data from within the system and export it to other reporting tools, such as Excel, they put that data at risk. That’s why it’s important that your ERP has the capability to generate comprehensive reports. The more you can keep all reporting within the system, the better for privacy. 

4. Delayed Updates

To understand the risk of delayed updates, just think about your personal phone. If you’re not set up to manually update your apps, you're likely constantly getting notifications that a new release is available and you should update now. Updates such as these address not only bugs, but vulnerabilities. If you’re not keeping your ERP freshly updated, you’re putting the system at risk. One of the best ways to avoid this is by choosing a Cloud-based ERP system that makes updates automatic. Just set it and forget it. 

5. Storage Encryption

ERP software not only eliminates the need for several back-office solutions, it makes long-term data storage a cinch. Once its implemented, never again will your team have to sift through multiple digital or (worse yet) paper systems to find data. But all of that historical data storage requires careful security. ERP systems that aren’t on the Cloud are most at risk because network administrators can have access to the data  proper encryption is essential. Cloud-based systems are more secure because the data is stored remotely. Still, it’s essential to encrypt the most sensitive data to protect against any problems. 

When used properly, ERP is designed to eliminate headaches in terms of process, cross-team integration, and security. But as with any new office innovation, you can’t just turn it on and hope it works. For better process, you have to have training. For improved cross-team integration, you have to bring the right players into implementation. And for increased security, you can’t overlook these important concerns.