Is BYOD a bad idea for ERP security?

Is BYOD a bad idea for ERP security? Of course it is! Does it make a difference? No. BYOD is here to stay.

BYOD – Bring Your Own Device – has grown over the years and is going to continue growing. Smartphones of all types continue to get smarter. Our users, the employees, already have them and use them to go wherever their personal whims take them. The demand is now here to connect to business and ERP systems using the same devices.

Key BYOD security risks for ERP

The security risks for your ERP are obvious. We leave our phones at the coffee shop every day. Thieves steal phones and sell them through existing markets for second-hand phones. Phones run Android, iOS, Windows, and other operating systems, and many different versions are in active use. At the same time, users have a wide choice of browsers for connecting to systems like your ERP. People use their devices outside your business firewall to connect to your ERP inside the firewall, which makes an easy path for malware.

What’s the answer?

A good first step is to formalize an agreement between the business and any employee who might want to connect using their own device. Spell out in legally binding language who owns any data. Agree on authorized rights to that data and what can be done with it or to it. Agree on penalties when the authorized use is breached. Remember that data goes beyond the company’s ERP data. Your users have their own contacts, phone logs, sites visited, and similar data they own.


The company might require a password or PIN on the mobile device. The company might also require knowledge of the user's PIN and permission to access the device. If the company pings the device from time to time, it can ensure the PIN is still active and unchanged. It can also scan sites visited and data stored, looking for any security threat. When a threat is found, the company might retain the right to wipe any security threat from the device and blacklist certain web sites. The user would want to retain rights to their contact list and would not want to allow a complete wipe of all data from the phone.

How web portals can help

Another step toward security is for the company to employ a web portal for any mobile device connections. Your company can install connection software on the mobile device that passes the ERP connection through the portal, so that the device cannot connect to the ERP directly. Software in the portal can test the mobile device for risks and threats before allowing the connection.
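
One way the portal's pre-connection test could look, as an added example that is not from the original article or any ERP vendor. The report fields, OS minimums, and 24-hour check-in window are assumptions chosen for illustration, and the check denies access whenever a fact is missing or unreadable.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Hypothetical policy values: the article names the checks, not the thresholds.
MIN_OS = {"android": (13, 0), "ios": (16, 0), "windows": (10, 0)}
MAX_CHECKIN_AGE = timedelta(hours=24)

@dataclass
class DeviceReport:
    """Posture facts sent by the connection software on the device (assumed schema)."""
    device_id: str
    agreement_signed: bool      # the BYOD agreement between business and employee
    os_name: str
    os_version: str
    pin_enabled: bool
    last_checkin: datetime      # last successful periodic check by the company
    open_threats: list = field(default_factory=list)

def parse_version(text):
    """'16.4.1' -> (16, 4); '13' -> (13, 0). Raises ValueError on junk."""
    parts = [int(p) for p in text.split(".")]
    return tuple((parts + [0])[:2])

def admit(report, now):
    """Return (allowed, reasons). Any failed or unreadable check denies access."""
    reasons = []
    if not report.agreement_signed:
        reasons.append("no signed BYOD agreement")
    if not report.pin_enabled:
        reasons.append("PIN or password not set")
    minimum = MIN_OS.get(report.os_name.lower())
    try:
        if minimum is None or parse_version(report.os_version) < minimum:
            reasons.append("unsupported OS or version")
    except ValueError:
        reasons.append("unreadable OS version")
    if now - report.last_checkin > MAX_CHECKIN_AGE:
        reasons.append("posture report is stale")
    if report.open_threats:
        reasons.append("unresolved threats: " + ", ".join(report.open_threats))
    return (not reasons, reasons)

if __name__ == "__main__":
    now = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)  # constructed sample data
    phone = DeviceReport("dev-001", True, "Android", "11.0", True,
                         now - timedelta(days=3), ["blacklisted-site-visit"])
    print(admit(phone, now))
```

Returning every failed reason, not just the first, lets the portal tell the user exactly what to fix before the ERP connection is allowed.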

One more step is to watch developments in ERP systems. BYOD is here to stay. If your ERP provider has an upgrade that includes good security for your system, using the tools from your ERP provider might be easier and lower cost compared to implementing your own security.

Whatever path you take, do not allow your users to threaten your ERP system and its data. They will use their own devices, so be prepared.

Tom Miller

About the author…

Tom completed implementations of Epicor, SAP, QAD, and Micro MRP. He works as a logistics and supply chain manager and he always looks for processes to improve. He lives near San Francisco Bay in California and can be found on the water in his kayak or on the road riding his motorcycle. Contact Tom at
