As companies and organizations grow and technology integrates all aspects of business processes, enterprise resource planning (ERP) systems carry on to expand in an attempt to keep pace. One thing that hasn’t changed is the need for superior security to protect sensitive information and financial investments. Traditional security measures such as firewalls and encryption are still needed, but new technology and new threats call for new measures of security.
ERP systems are a direct line to a company’s customers, workforce, suppliers, and other business operations, making them the perfect target for those wanting to obtain sensitive or protected information. So how do you deal with the increased security risks associated with your ERP system?
One of the most common security risks is also the most easily solved. Many companies integrate their ERP system but neglect to schedule or implement the necessary software updates. Although these updates might take some time and could cause delays or interruptions in your business dealings, they are essential in protecting you, your customers, and your vendors and suppliers. Without these updates, you leave your business vulnerable and more susceptible to security breaches. The simple solution is to deploy all updates and software patches as soon as they are offered from the vendor. Another option is relocating to a hosted system where the host will handle vendor patches and updates for you.
Despite many companies’ focus on the importance of passwords, password creation, and password protection, a large percentage of security issues are simple password breaches or hacks. Various programs have the capability to break passwords or flood applications, allowing hackers an open door to your ERP system. Unfortunately, some of the most damaging and dangerous hacks are created by humans, not machines: Using a form of social engineering, users are tricked or manipulated into voluntarily offering their credentials. Once inside, these hackers have the ability to log in to the system with a valid authorization, manipulate accounts, and divert information, funds, or products as they see fit. The fix for this security issue is simple create strong, original passwords, avoiding the commonly used “login,” “password,” and “123456” passwords or variations of these. In addition, make a habit of changing ERP passwords on a frequent schedule, and requiring your staff to do the same.
Security threats from the outside are most common and receive the most attention; however, the threat from within can cost your company substantially. Staff and employees with malicious intent can access areas of your business operations and ERP system using their valid authorization. Once logged in, they have the capability to cause losses or discrepancies in the form of inconsequential money transactions, altered time logs, or changed employee schedules. Although ERP systems have a significant security element, adding an additional level of security via segregation of duties controls or varying levels of authorization can ensure you’re protected and only trusted employees have access to financial or workforce records.
It takes only one look around a restaurant or a coffee shop to realize that everyone’s online. Your business’ inclusion in this online environment presents another rising ERP security risk. Using more devices to connect your company is wonderful for business growth but might not be so wonderful for the security of your ERP system. Although people have been logging on to the Internet for years, not everyone completely understands the true level of risk involved with being online and constantly connected. By using a two-step (or two-factor) authentication process, you can easily decrease the rising security risk to your ERP system. With a mobile device, two-step authentication provides users with a means to secure their accounts through an additional layer of protection than just their password.
Many owners and managers believe once they have purchased and implemented their ERP system, their business processes are now set to run for the life of the business. This perception is far from the truth, and can potentially harm their business in the end. Technology is ever changing. If you don’t want to fall behind, it’s essential to keep up on the trends, business standards, and fresh requests, and to ensure your ERP system does too.