Five quick actions to improve internal ERP security

Like a lot of you, you pushed so hard to get your ERP implemented and working, you let security take a back seat. Well, here are some quick things to do right now to improve ERP security.

1. Make users change their passwords frequently

This is almost too easy. Look at your ERP system users. Now force them all to change their passwords. Instantly your system security got a little better. Find the setting that automatically expires passwords at set intervals. Decide what makes sense at your business and after 90 days, everyone will need to reset their password.

2. Keep on top of user access settings

Every user should only have the transaction screens needed to accomplish their jobs. Most users can have access to read-only dashboards and reports. No one should have access to tables that are not needed for their work. Look over your users now and see if anyone has too much access. If they were missing some access, you would have heard that story already.

Guide: install new software successfully with this step-by-step guide to ERP implementation success

The separation of duties has long been a fundamental security measure, even before the advent of ERP systems.

For instance, the individual creating a purchase order should not be the same person issuing the payment for it. When reviewing ERP user access, consider this principle, you may discover responsibilities that need clearer boundaries.

3. Monitor ERP usage for irregular patterns

There is a setting in your ERP to turn on transaction logging and to log changes in static data. Use this setting. Capture everyone’s work electronically.  Now develop some queries to run in the background that watch for suspicious behavior. When something odd appears, dig a little deeper.  

Observe the user and assess whether the behavior is legitimate or fraudulent. At first, you will capture transactions that really are legitimate. Now update your query based on your new learning and continue watching and protecting the security of your ERP system

4. Keep track of when sensitive data is distributed

Email is a common way for unauthorized data to leave your company's security. Did someone just send out your entire customer list? It might have been for an authorized reason but good security requires you at least to clarify when this happened, and why.   

Pay attention now or your best customer could begin buying from your competitor. Find a way to spot another suspicious data movement too. That list could also have been on a thumb drive.

5. Have a plan and follow it

What security measures should you adopt to protect your ERP?  Write them down and get a broad consensus to ensure your security system is complete. Agree to some basic processes. Stick to them - though don't be afraid to suggest a change if they aren't adequate.

Some security measures cost money and take effort to implement. Some others are quick actions you can take right away. Once you develop your plan, follow it and keep your ERP secure.