3 ERP Security Risks and What You Should Do about Them

ERP systems keep expanding to include more features and better functionality. But the need to maintain ERP security is still the same – it might be more difficult today though.

ERP means one, single system for the whole enterprise. Security is part keeping it running all day, every day, for everyone and part keeping everyone outside who has no business on the inside.

More Devices

We have more and more mobile users in our systems today. These include dedicated mobile devices like scanners and printers. At the same time we want to connect with our smart phones and tablets from anywhere. This increase in devices adds a layer of complexity to ERP security access that was device-independent once upon a time.

More Delivery Platforms

ERP in the cloud is increasingly common today. The entire system including the software and all the data is kept somewhere else and maintained by a third party provider. These ERP systems work well and there are few problems but some fear the risk involved in trusting another business with the family jewels. We can also keep our software but use cloud storage for our data for a position somewhere in between. With the rise of cloud ERP, not only is ERP security place in the hands of an outside body, but further complexity is added to our security processes by the diversification of delivery platforms.

Recommended Reading: ERP Implementation Guide - The security of your ERP data can be improved with a proper implementation

More Sensitive Data

HR is more frequently a component of today’s ERP. For the business, the risk is the same as any other data. But for our employees there is heightened concern over having our identification, home address, and a lot of family information. Modern employees may feel they have no control over this data and its security once integrated into your ERP system.

So what can we do to improve ERP security? This really has not changed but the need to be vigilant is as important as ever.

  • Change passwords frequently – Minimize the time a stolen password can be used
  • Limit the data any one person can access – Only what they need for their jobs
  • Log everything – you never know until today what you wish you captured yesterday
  • Maintain a firewall – Your first line of defense
  • Encrypt your data – it might not stop a pro but it will slow them down and stop others
  • Secure against fraud – You have internal threats too
  • Track use of social networks – Plenty of phishers out there
  • Control external storage by employees – Can someone take your customer list on a thumb drive?
  • Watch traffic through customer and supplier portals – clearly define security parameters on a case-by-case basis.
author image
Tom Miller

About the author…

Tom completed implementations of Epicor, SAP, QAD, and Micro MRP. He works as a logistics and supply chain manager and he always looks for processes to improve. He lives near San Francisco Bay in California and can be found on the water in his kayak or on the road riding his motorcycle. Contact Tom at customerteam@erpfocus.com.

author image
Tom Miller

Featured white papers

Related articles