Your ERP and other core enterprise systems hold critical corporate information that could harm your business if its security is compromised. Companies have recognized the threat and have responded by pouring money into cybersecurity systems. What if we told you there is one security measure that could prevent the majority of cyber attacks? Would you implement it immediately?
In fact, the greatest vulnerability of corporate software isn’t the system itself, but the employee who is using it. As we stated in our last blog, Preventing Cyber Attacks on Your ERP, “employees are the weakest link in system security.” The number one way to keep your ERP data safe is to educate your employees. Train your employees to understand the types of attacks they may face and how to address them. All it takes is one employee to take the bait for your entire system to be compromised.
Reduce Corporate Risk by Providing Employee ERP Training
You can reduce corporate risk by providing timely and repeated security awareness training. As part of new hire training, you should include company security policies. Be sure to pair training with testing. Employees learn best through mock scenarios. Use simulated attacks that are relevant to the employees’ daily jobs. Then provide feedback on what they did right or wrong. Here is some key training that should be included:
- Install updates regularly. Teach your employees to install updates to stay current on security enhancements. Critical updates continually close software vulnerabilities. We are always susceptible, but one way to stay safer is to not be as vulnerable as others. In many cases, hackers will go for the low-hanging fruit, so you don’t want to be the one who didn’t install the update.
- Don’t click on links in email unless you are very sure. Teach your employees to look at the http: address behind the link before they click on it. That will tell them if it’s going to send them to an unknown website. If they do click on the link and are told that they must install some software to read the file or do the download, they should stop! Before they allow anything to be installed on their system, they should verify with the sender that a) he/she sent it and b) it’s supposed to install something. If they do not know the sender, they should not even click on it.
- Read all URLs from right to left. The last part of the site address is the true domain. Sites presented as secure that don’t use https are fraudulent, as are sites whose addresses begin with an IP address.
- Check back with the sender if anything is out of the ordinary. Send a separate email (not a reply) or make a phone call to determine if the email is valid. In one real example, an IT manager supposedly sent an email to an employee explaining that an important update could not be done remotely, so a security firm had been contracted to help with the client installation. The 800 number provided actually went to the hacker, who then used GoToMeeting to get access to the employee’s system, browsed to an official-looking site, and downloaded and installed malware without the employee ever knowing. In this case, if the employee had been the least bit suspicious, he/she could have called the IT manager to make sure it was legitimate.
- Never provide account information or passwords through email. Phishing, like the example above, is the greatest security threat to your employees.
- Eliminate careless Internet browsing. Institute a policy that prevents certain sites from being accessed. This greatly reduces your chance of having your business’ security compromised.
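The link checks from the list above (look at the address behind the link, read the domain from right to left, expect https, distrust IP addresses) can be automated for training feedback or mail review; the following Python is an added example, not part of the original article. The sample message is constructed, every href is assumed to be a web address, and the hypothetical `true_domain` helper keeps only the last two labels, so suffixes such as .co.uk would need a public-suffix list.

```python
import re
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def true_domain(host):
    # Read right to left and keep the last two labels. Simplification:
    # suffixes such as .co.uk need a public-suffix list.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def review_link(href, text):
    url = urlsplit(href)
    host, warnings = url.hostname or "", []
    if url.scheme != "https":
        warnings.append("not https")
    try:
        ip_address(host)
        warnings.append("IP address instead of a domain name")
    except ValueError:
        pass  # host is a name, not an IP literal
    # Compare domains only when the visible text itself looks like an address.
    if re.fullmatch(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", text):
        shown = urlsplit(text if "://" in text else "//" + text).hostname
        if true_domain(shown) != true_domain(host):
            warnings.append(f"text shows {true_domain(shown)}, link goes to {host}")
    return warnings

def review_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: review_link(href, text.strip()) for href, text in parser.links}

# Constructed sample message; every host is a reserved documentation name.
SAMPLE = ('<a href="https://portal.example.com/login">Sign in</a> '
          '<a href="http://203.0.113.7/update.exe">Install update</a> '
          '<a href="https://example.com.login.example.net/">www.example.com</a>')
```

Calling `review_email(SAMPLE)` returns a dictionary that maps each link to its warnings; an empty list means none of these checks fired, not that the link is safe.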
Don’t assume that your employees are aware of security threats. By implementing this leading practice to keep your ERP data safe, you will move a long way toward reducing the threat of cyber attacks in your business.
Accounting Services, Inc. (ASI) can review your current business processes and provide sound recommendations to help your business succeed. We offer Sage 100 training and support for all of our clients. Let ASI train your staff on how best to utilize the software to promote productivity, efficiency, effectiveness and security. Contact us today.