The purpose of security is to prevent surprises that disrupt business and add cost. When it comes to IT security for manufacturing companies, how you set up and use your ERP system makes a difference in the way you manage security. Manufacturing companies are highly prized targets because of the amount of valuable data that they possess that could be stolen, altered or held for ransom. Whether from an internal or external source, a security breach can have serious repercussions on any manufacturing business. Use these ERP security tips and keep your company out of unnecessary jeopardy.
1. Keep Your ERP Software Up to Date
Software updates are released for a reason and problems can result when updating is neglected. If your ERP system is in the cloud, you don’t generally need to worry about updates because they are done automatically. When your ERP system is in-house, it’s important to apply updates when they are available in order to maintain or improve functionality and close cybersecurity gaps.
Exploiting software vulnerabilities is a common cybercriminal tactic and there are exploits that are specifically targeted toward ERP systems. Software publishers send out updates to patch potential vulnerabilities as they come to light. When the patches are not applied, the vulnerability provides an entry point for malware that can travel through the network unnoticed until it is too late.
It might be tempting to neglect updating your ERP software in order to minimize costs, but if a cyberattack happens because of an unpatched vulnerability, it’s going to cost you a lot more in the long run, and might even threaten the life of your business. Even if you don’t get hacked, you’ll be missing out on expanded features and efficiencies if you don’t update.
2. Control Access to Your ERP Application
The beauty in your ERP system is in its comprehensiveness. ERP makes it possible to have everything that you need under one roof but everyone obviously doesn’t need access to everything. You probably have assigned permissions to people according to their job role but how well are you monitoring that over time? Is it possible that somewhere down the line, a person was given additional rights and they don’t need them anymore? Controlling access to financial data and HR records is a no-brainer, but designs and intellectual property should be protected with need-to-know permissions as well.
If you have additional ways that your people are connecting to your ERP system then you have more access points to control. The use of smartphones and tablets can give workers a convenient interface in which to work, but each device is a potential gateway to intruders or criminals. Then there are all of your machines and equipment that are also connected to your system via the internet. These can be compromised just as your PCs can be, so locking down security for your ERP system includes maintaining security on all the connected devices.
One simple tactic to help control access to your ERP system is to make sure that all users have good password management habits. That includes using two factor authentication when possible, use of strong passwords that are changed regularly, and avoid sharing user names and passwords amongst multiple people.
3. Train Your People Well
You might not think that training your employees in use of your ERP system is a security tip but when people are not properly trained, the likelihood for errors and accidents increases. If mishaps occur within your ERP environment your data could be changed or lost which could have grave implications on how you are meeting customer needs.
Training that relies on the transfer of tribal knowledge does not guarantee appropriate software use. By tribal knowledge, we mean the practice of having one person train another without formal documentation. As the newcomer is shown how to go about their activities in the system, they will pass along bad habits and incorrect procedures along the way and possibly expose sensitive data to the wrong people.
Along with training, consider the training of your IT support personnel. Gaps in IT security can occur if the software is not configured with security in mind. Again, it might seem like a cost saving measure to have someone in-house configure and maintain your ERP system, but it could cost you more down the road if you have problems to fix or a breach to deal with.
4. Control Reporting and Data Exports
Exporting data from your ERP system to a spreadsheet might seem harmless, but every time you take data from your main application and put it somewhere else, you could be setting yourself up for mistakes and theft. Additionally, if your employees need to use their own devices to work remotely, or they are using consumer file sharing services to transfer files, your data could have increased exposure to threats.
Allowing your data to leave your ERP system could become a compliance violation if security is not maintained along the export path and destination. Whether you’re dealing with a hefty regulation like ITAR or your clients’ non-disclosure agreement, it’s easy to forget all the places where your business data is stored if it is routinely exported and used somewhere else, and you can’t protect what you can’t see. Updating or modifying your ERP software so that it provides you with the reporting that you need can help you keep your data within your controlled perimeter and reduce security risks.