Five sloppy ERP security practices that could cause your company havoc

As data-driven business becomes more a rule than an exception, issues associated with ERP security management have also become more problematic. Consequently, we thought we’d point out five sloppy ERP security practices threat that managers should look out for:

1. Non-compliant security standards

Things typically evolve quickly in the online security environment, and during the last three years various issues, significant data hacks, and malicious large-scale network penetrations have become more frequent and intense. Consequently, chances are that what may have previously existed as solid and persistent enterprise security standards are now likely to be obsolete, and prone to direct, and/or in-direct attack. Keep on top of security compliance regulations and update your pracrtices accordingly.

Recommended reading: implement your ERP as securely as possible with our 11 step guide to ERP implementation success.

2. Archaic security admin rules

In the same way that obsolete enterprise security standards offer unknown threat levels, weak admin rules associated with the application of authentications, the safeguarding of FTE information, datastore controls, and hosts of other ‘under the hood’ concerns provide for similar levels of outright fear. In this case, you only have to fail once to open a Pandora’s box-worth of pain that is capable of plaguing an enterprise for years to come. As a result, review and update your ERP admin rules quarterly, or even more frequently if new threats start appearing on the horizon.

3. Outdated security updates

This bit of maintenance laziness may appear to be nothing to worry about but, in truth, is perhaps the easiest way that bad guys gain entry to an enterprise environment. Granted, ERP security operators are annoyingly persistent when it comes to announcing updates, but lets be clear: they don’t do it because they want to be pains in the caboose. Instead, they are waving red flags because they know something that you or your IT security people don’t, and are trying to keep your systems safe and stable.

While it’s easy to overlook updates in the same way as low-level maintenance, this kind of thing is a really big deal, so you should respond to any update announcement just as soon as you get the heads up.

4. Weak security reporting

This is another bit of administrivia, but it’s important nonetheless. Monitoring and reviewing ERP security squawks should be a daily task, particularly in the case of large-scale enterprise environments. Even if a squawk is automatically defeated and causes no noticeable issue, bread crumbs are always left after-the-fact that can offer a clear sense of what’s coming down the pike if you are vigilant about reviewing your security situation. So, if you see repeatedly attempts to trigger likely tell-sign characteristics, better you should immediately begin working the problem directly, or go to an external resource for help sooner.

5. Non-responsive security auditing

Back in the day large-scale enterprise security audits usually amounted to somewhere between five to ten vanilla questions before wrapping up a typical report section. Today, however, they involve highly-detailed investigations, and results can be amazingly useful if you’re willing to pay attention.

Unfortunately, many technologists would rather remove various human organs with rusty spoons than spend much time wading through the results of comprehensive security reports. However, critical information is usually available, and my advice would be to at least take a look, if for any other reason than to avoid triggering one’s career termination light sooner rather than later.