An ERP brings a remarkable degree of strength to a business through the automation of day-to-day processes and the provision of invaluable insights in real time. However, without proper security measures in place, that system is at risk of being compromised by cybercriminals with potentially devastating consequences. So it’s imperative for businesses to take the right precautions to secure the entire IT ecosystem and avoid making these mistakes.
Full access rights
While some members of staff will need full access rights, it should never be given to the entire staff complement by default as this creates unnecessary risks. Only certain individuals should be given access to sensitive company and employee data and have the ability to make changes to the system. The reasons for this extend beyond the risks posed by malicious employees, it’s about hedging against the possibility that one or more of them could have their log-in details compromised. It’s also important to maintain audit logs that show any changes made on the network so unauthorised actions can be tracked and reversed.
Compliance
If you are storing sensitive client information such as contact and banking details on your ERP system, the law requires that you adhere to certain security standards. When credit card information is involved, vendors are subject to the Payment Card Industry Data Security Standard, which entails building and maintaining secure networks and systems with strong access control, regular monitoring and an information security policy.
Unauthorised systems
A proper ERP system will eliminate the need to use multiple software programs to achieve the same result, a practice known as “Frankensteining”. Sometimes businesses will do this even though they have a comprehensive ERP because some staff prefer the old, familiar software. This should be avoided because it multiplies risk by storing data in multiple programs at the same time.
Single-factor authentication
Standard passwords represent a single line of defence from intrusion, but a password is far from infallible. Given the scope of a modern ERP system, and the sensitivity of the information it usually contains, single-factor authentication is no longer enough. Adding a second layer is an obvious and effective solution. Requiring users to enter a code sent to an email address or their mobile device, for example, greatly reduces the likelihood that someone will acquire the “keys” to your ERP system. Read about multi-factor authentication in our newsletter.
Unsecured software
Although software developers strive for a perfect product, they inevitably need to release patches and updates to plug any security holes and fix any bugs that users discover post-release. Cybercriminals will exploit these security gaps once they are known, so it is essential that you download patches and updates as soon as they become available.
Unsecured infrastructure
The entire IT infrastructure needs to be protected with sound perimeter security. Measures such
as a firewall, intrusion detection/prevention and threat monitoring should be present on the network that houses your ERP system. Additionally, each device on that network should have up-to-date anti-virus and user permissions management software.
The Sage X3 advantage
ERP safety requires a holistic and layered approach to network security. The Sage Business Cloud Sage X3 product suite provides robust security for your IT ecosystem and your cloud-based ERP data by extension. SynergERP is strengthened by its Cloud & Infrastructure division, delivering layered security measures with sturdy software, properly configured for your specific business requirements to ensure maximum fortification and functionality.