Five sloppy ERP security practices that could cause your company havoc
As data-driven business becomes more a rule than an exception, issues associated with ERP security management have also become more problematic. Consequently, we thought we’d point out five sloppy ERP security practices threat that managers should look out for:
1. Non-compliant security standards
Things typically evolve quickly in the online security environment, and during the last three years various issues, significant data hacks, and malicious large-scale network penetrations have become more frequent and intense. Consequently, chances are that what may have previously existed as solid and persistent enterprise security standards are now likely to be obsolete, and prone to direct, and/or in-direct attack. Keep on top of security compliance regulations and update your pracrtices accordingly.
2. Archaic security admin rules
In the same way that obsolete enterprise security standards offer unknown threat levels, weak admin rules associated with the application of authentications, the safeguarding of FTE information, datastore controls, and hosts of other ‘under the hood’ concerns provide for similar levels of outright fear. In this case, you only have to fail once to open a Pandora’s box-worth of pain that is capable of plaguing an enterprise for years to come. As a result, review and update your ERP admin rules quarterly, or even more frequently if new threats start appearing on the horizon.
3. Outdated security updates
This bit of maintenance laziness may appear to be nothing to worry about but, in truth, is perhaps the easiest way that bad guys gain entry to an enterprise environment. Granted, ERP security operators are annoyingly persistent when it comes to announcing updates, but lets be clear: they don’t do it because they want to be pains in the caboose. Instead, they are waving red flags because they know something that you or your IT security people don’t, and are trying to keep your systems safe and stable.
While it’s easy to overlook updates in the same way as low-level maintenance, this kind of thing is a really big deal, so you should respond to any update announcement just as soon as you get the heads up.
4. Weak security reporting
This is another bit of administrivia, but it’s important nonetheless. Monitoring and reviewing ERP security squawks should be a daily task, particularly in the case of large-scale enterprise environments. Even if a squawk is automatically defeated and causes no noticeable issue, bread crumbs are always left after-the-fact that can offer a clear sense of what’s coming down the pike if you are vigilant about reviewing your security situation. So, if you see repeatedly attempts to trigger likely tell-sign characteristics, better you should immediately begin working the problem directly, or go to an external resource for help sooner.
5. Non-responsive security auditing
Back in the day large-scale enterprise security audits usually amounted to somewhere between five to ten vanilla questions before wrapping up a typical report section. Today, however, they involve highly-detailed investigations, and results can be amazingly useful if you’re willing to pay attention.
Unfortunately, many technologists would rather remove various human organs with rusty spoons than spend much time wading through the results of comprehensive security reports. However, critical information is usually available, and my advice would be to at least take a look, if for any other reason than to avoid triggering one’s career termination light sooner rather than later.
Is BYOD a bad idea for ERP security?
A comprehensive look at the ERP security risks presented by BYOD policies
Four ERP security issues faced by public sector companies
Public sector ERP brings a unique set of security challenges - here’s what to look out for
Mini-ERP: affordable integrated solutions for SMEs?
Standalone CRM or accounting software not good enough for you? Mini ERP could be what you’re look...