ERP security isn’t in the news much, but it should be. According to Computer Weekly, dedicated denial of service (DOS) attacks may be on the rise and targeting ERP systems. Business-critical software such as ERP systems are under threat from cybercriminals who know that companies will pay almost any ransom to ensure their systems run again.
As more ERP systems integrate with devices networked through the Internet of Things, this threat increases. Why? Well, consider how many devices connect to the internet. Each device acts as a window in a house, another portal through which a criminal may enter your system. While you can control the main security areas such as the ERP system, independent contractors and separate companies may each have a hand in securing the IoT. Their skills and dedication to security vary, leaving gaps in the network of devices and information portals which increases the threat.
IoT Represents Big Security Risk
Hackers target the IoT because it’s notorious for poor security. Poor password management, outdated security software, and similar risks increase with the number of devices connected through the IoT. Add to that the sophisticated targeting of phishing attacks aimed at breaching IoT devices, and you’ve got a more significant risk than you thought.
ERP Security Built Into the System
Fortunately, ERP security is ahead of the IoT by several yards. Although not impregnable by any means, it does offer more hurdles to thieves intent upon breaching security and stealing valuable data.
A paper on ERP security and related issues points out that ERP systems have several factors in their favor when it comes to security:
- Design architecture: The architecture of an ERP system refers to how it’s built. These systems tend to be built in compartments rather than as a single unit. Because they are compartments joined through bridges, the gates can be closed on a metaphorical bridge should a breach occur. In other words, if a thief gets into one area, the system can be locked down to prevent him from accessing other areas if it’s caught soon enough.
- Role-based access: Role-based access provides more security because it limits who can touch which parts of the system. A system administrator touches all points of the system, but the human resources department may need only certain areas and accounting, other areas. This limits how much damage can be done in the event a successful phishing attack puts data at risk.
- Time limits: System time-outs shut down the portals in the event people leave the site open. This minimizes the risk by closing the windows of time when the system may be breached.
- System logs: System logs record who accessed the system and at what time, as well as what was done during that window of time. This can help the IT department retrace a criminal’s steps through the system and figure out which areas may have been compromised.
- Multiple security logins: Some systems require numerous passwords to enter various sensitive parts of the system, such as accounting, payroll, human resources, and banking information. It’s the equivalent of adding a heavy-duty bolt to a regular key lock on the front door of a house.
3. Tips to Safely Use the IoT
Most of the sensitive data in your company are likely stored in the ERP system. Therefore, it makes sense to work on IoT security to close any possible loopholes where criminals can access the ERP.
- Change factory default passwords in IoT devices to stronger passwords.
- Smart devices collect a lot of personal data, so do your research before buying and installing any devices that connect to your ERP. Ask questions and read the fine print. Understand who is collecting data and how it may be shared.
- Add special security software onto the VPN or other devices.
- Use caution when accessing cloud services on your smartphone. Don’t leave your smartphone on a restaurant table, for example, when you leave to go to the restroom or stand up to put on your coat. Always put it in your pocket or purse. Even a few minutes of access can give criminals the time they need to get through the IoT and into your company’s systems.
Companies are routinely using the IoT for greater efficiency and access. We agree—it’s a great way to improve efficiency. However, a few steps now will provide better security and prevent the nightmare of a breach later. ERP security offers an excellent safeguard against many common attacks, but as the threat increases, so too must your vigilance.
Mindover Software offers ERP consulting, business and software consulting, and excellent service for companies seeking help with their software needs. Choosing an ERP system doesn’t have to be a headache. We can help you find a system with ERP security that meets your needs. Please contact us at 512-990- 3994.