Preventing Cyber Attacks on Your ERP

Dec 10, 2015 | ERP

ERP Cyber SecurityModern times call for up-to-date security measures for your ERP and other core business systems. With the increase in mobility, the burgeoning virtual payment industry and cloud technology, businesses are taking a closer look at their cybersecurity measures. They are investing in systems to keep their business safe. In fact, worldwide cybersecurity technology is currently a $77 billion market and growing rapidly.

ERP vendors have included high-quality security options in their applications, but the onus for security still falls on the company that installs it. Each company needs to spend time auditing and supplementing vendor security to prevent malicious cyber attacks. Evaluate your current position regarding ERP application threats. Do you have a complete inventory of all of the devices that currently use the network—smartphones, laptops, thumb drives and routers? Does your ERP system have vulnerabilities that will enable cyber attackers to take full control of the business?

How to Keep Your ERP Secure

What are the steps you can take to keep your ERP secure? Even if you outsource your ERP technology, there are still internal measures that you should take to keep your information safe.

  1. Manage who has administrative access. Many organizations have addressed security with Segregation of Duties (SoD) which controls access and sets strict user authorizations. This is a positive step, however, it may create a false sense of security, as these controls were not designed to prevent or detect cyber attacks.
  2. Educate employees on best practices. Employees are the weakest link in system security. Don’t assume that everyone understands—let them know the importance of security and the steps they should take to mitigate risk.
  3. Create stronger passwords. Password prediction is one of the most common and avoidable sources of cyber security attacks. All system passwords—Including email—should be long, use multiple characters, and be changed regularly.
  4. Use SPAM filters. These filters should recognize and prevent emails from suspicious sources from ever reaching the employee’s inbox. Use browser add-ons and extensions that prevent users from clicking on malicious links.
  5. Use private clouds. Private clouds cost more, but they have fewer entry points and more stringent safety measures in place. Private cloud providers are in a better position to monitor accounts, enabling them to preemptively deflect attacks and minimize their impact.
  6. Secure your data transfer channels. All of the data you transfer back and forth to the cloud travels through the Internet, which is where it is most vulnerable. Make sure you select secure data transfer channels and encrypt any data before it is sent out. Use an SSL Certificate to secure all traffic to and from your website. This protects information being sent to and from your web server from eavesdroppers.
  7. Require encryption for employees that are telecommuting. A new threat that has been introduced by the BYOD trend is that apps on employees’ mobile devices can access their address books and export them to sites on the Internet, exposing the contacts to attackers who use them for spear phishing. Install mobile security software on user devices that scans apps and prevents users from accessing the corporate networks If they have privacy-leaking apps.
  8. Use a securely hosted payment page. This is the best practice for reducing your risk to your customers’ credit card data. Use a payment gateway provider that has up-to-date PCI DSS and ISO 27001 certifications from independent auditors.
  9. Know your software interfaces. Application programming interfaces (APIs) are what you use to access ERP software applications on the cloud. Evaluate your existing API to determine if it has any vulnerabilities and investigate ways to strengthen it.
  10. Apply vendor security patches promptly. Regularly update your antivirus and anti-malware software. If you outsource your ERP to a third party, the vendor is responsible for updates. However, SaaS ERP can be breached through a network on site that hasn’t been updates. The same goes with the applications, software and on-site operating systems that employees use to access ERP software. This includes website hosting, shopping cart software, blogs and content management software.
  11. Limit the affect of an attack. Have the right processes and solutions to diminish the threat and the impact.
  12. Join forces. Security is a problem that affects all business. Openly discuss security measures and expose them to peer review.

How well are you performing at keeping your ERP systems safe? Have you implemented all of these measures in your organization? If not, take steps now to secure your business. To learn more about the threat of cyber attacks on you ERP, read this blog.

Accounting Systems, Inc. (ASI) offers the latest in ERP technology with modern security. Contact us for more information.