ERP security: a fairytale with no dragons!

Security remains an important factor for businesses in every respect. This is also true of ERP, which is a complex system with its own needs and requirements. However, it should not be addressed with fear, as proper attention and prevention make everything simpler.

Business’s responsibilities

ERP security starts with the solution itself and needs to be extended from the operating system to the individual modules. Nevertheless, to avoid misunderstandings and panic, security doesn’t have to be a time-consuming process. The most important step you need to take, is to ensure that the correct patches and latest security fixes are being applied. Actually, in the case of cloud ERP, there is no reason to concern yourselves with this either, since your provider has already taken care of it.

A first step, however, in any security plan is to name someone in charge. This person will handle everything, from ensuring that patches are properly and timely installed to overseeing a correct and strict password policy.

Appointing a security officer is important but, ultimately, most threats arise from user interactions with the system. These include mainly carelessness on the part of users, as well as deliberate attacks, either internal or external.

The key is to set realistic goals and policies for users and ensure that they are consistently followed. These include frequent changing of strong passwords, as well as training the users to identify the “tricks” of those skilled in social engineering.

As for the solution itself, encryption is your best friend. You need to encrypt data that is in motion, as well as information at rest. Anything that happens on your network terminals should be strongly encrypted. After all, modern systems are powerful enough to handle encryption/decryption load without performance burden. And again, with cloud ERP, all the above are handled by your reliable provider.

Users’ responsibilities

As far as users are concerned, your employees should learn how to protect their passwords and not share them with anyone, whatever the reason. To do so, they should know exactly what constitutes a strong password, so they can then use it.

Another point to keep in mind is that the majority of safety gaps is caused by social engineering. This leads to a long list of do’s and don’ts that your employees should follow. In particular, users need to be trained to detect phishing attacks, as well as avoid falling victims to them.

In addition, users should treat emails, especially unknown ones, as a potential risk and handle them accordingly. The same holds for the use of memory sticks on corporate computers, unless the user is completely sure of its origin and content.