4 Steps to Ensuring ERP Data Security

Your ERP data is your business in a virtual form. With that in mind, your strategy for ERP data security has to be at least as watertight as your security strategy for your other business assets. Here are some tips on how to develop a secure strategy for your ERP data.

1. Define User-Access and Audit Regularly

Every ERP user should have role-based access defined for all datasets. This access should also be segmented into at least three categories: read-only, export-permitted and full access (including editing).

On a basic level, ensure users log on to the ERP with secure user identifications and strong passwords. Require new passwords frequently and irregularly. ERP data security can also be maintained through regular data audits. Audit user accounts to verify that each user’s job duties require access to the data they are currently authorized to use. When a user’s access needs to change because they took a new position, change access to the ERP data based on the new role. Do not simply build on their current access levels, as these may no longer be required.

2. Monitor Data Usage and Transactions

Develop queries that monitor ERP data usage and look for anomalies. Begin by looking for easy targets, such as users authorizing payments to themselves. Then begin to look for trends. If an ERP user’s transaction volume increases or decreases in an unusual pattern, it might be a sign that trouble is brewing.
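As an added illustration (not from the original article or any ERP product), the two kinds of query described above can be run against a constructed payments table in SQLite. The table and column names, the sample users and the 3x threshold are all assumptions made for the example.

```python
import sqlite3

def sample_db():
    """Constructed data; the table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE payments (id INTEGER PRIMARY KEY, week INTEGER,"
               " payee TEXT, authorized_by TEXT)")
    # Approvals per week (weeks 1-4) for each approver.
    counts = {"alice": [2, 2, 2, 9], "bob": [4, 4, 4, 0], "carol": [3, 3, 3, 3]}
    rows = [(week, f"vendor-{i}", approver)
            for approver, per_week in counts.items()
            for week, n in enumerate(per_week, start=1)
            for i in range(n)]
    rows.append((4, "carol", "carol"))  # payment authorized by its own payee
    db.executemany("INSERT INTO payments (week, payee, authorized_by)"
                   " VALUES (?, ?, ?)", rows)
    return db

def self_authorized(db):
    """The easy target: payments where payee and authorizer are the same user."""
    return db.execute("SELECT id, authorized_by, week FROM payments"
                      " WHERE payee = authorized_by ORDER BY id").fetchall()

def volume_anomalies(db, week, factor=3.0):
    """Approvers whose count in `week` is more than `factor` times, or less than
    1/`factor` of, their average over earlier weeks in which they were active."""
    return db.execute("""
        WITH weekly AS (SELECT authorized_by AS approver, week, COUNT(*) AS n
                        FROM payments GROUP BY authorized_by, week),
             base AS (SELECT approver, AVG(n) AS avg_n FROM weekly
                      WHERE week < :w GROUP BY approver),
             cur AS (SELECT approver, n FROM weekly WHERE week = :w)
        SELECT base.approver, base.avg_n, COALESCE(cur.n, 0) AS n
        FROM base LEFT JOIN cur ON cur.approver = base.approver
        WHERE COALESCE(cur.n, 0) > :f * base.avg_n
           OR COALESCE(cur.n, 0) * :f < base.avg_n
        ORDER BY base.approver""", {"w": week, "f": factor}).fetchall()

if __name__ == "__main__":
    db = sample_db()
    print(self_authorized(db))
    print(volume_anomalies(db, week=4))
```

The LEFT JOIN matters: an approver who goes silent in the current week has no row there, and would be missed by a query that only looks at weeks with activity.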

3. Monitor and Protect External Transactions

ERP data security for external transactions is even more of a challenge. This covers all cloud transmissions and many transmissions related to in-house systems too. Your connections should always be secure and you should test the security regularly. Consider encrypting your data flowing beyond your control. Is your ERP data security worth the fraction of a second added to connection times? The answer is probably yes. You should also monitor the types of devices that are being connected to your ERP. Do these devices comply with your company’s BYOD guidelines?

4. Remember the Old-Fashioned Security Methods

Simple manual controls such as segregation of duties have worked for hundreds of years and still work today. Transactions (financial and data) should be authorized by at least one individual not directly connected with the transaction. Sequentially numbered purchase orders and sales orders are another frequently employed security control. Where possible, define formats for ERP data including social security numbers, check numbers and part numbers. Data not fitting the defined format can be rejected from processing.

Many ERP software products on the market now have built-in ERP data security measures, but these should not be thought of as anything more than a safety net. A successful data security strategy is built upon the understanding of your employees and the diligence of your managers.

Tom Miller

About the author…

Tom completed implementations of Epicor, SAP, QAD, and Micro MRP. He works as a logistics and supply chain manager and he always looks for processes to improve. He lives near San Francisco Bay in California and can be found on the water in his kayak or on the road riding his motorcycle. Contact Tom at customerteam@erpfocus.com.