School of Information Systems

The Importance of Security in ERP

If we know there was an attack that left over 230,000 systems in a state of chaos, cause by hackers that put Ransomwares Virus to the organization’s data. These attacks are dangerous to the company because the data are stolen, and the company could not access / recover the data unless they pay some amount of money to the hackers. But, if we think deeper ~ Although, the company could pay the money to the hacker, it means that they loss their money for nonprofit things.

            So, we know that ERP Security is extremely important aspect to protect company’s data including finances and reputation. Besides being the backbone of an organization, ERP systems is a virtual treasure and an attractive target for anyone that looking to steal private information. A successful attack against an ERP system may cause catastrophic for any business.  Then, how we stop this? Here is my solution.

  1. Segregate

Compromise of a user’s credentials is one of the most common ways that security of companies can be threatened. It is very easy to do phishing / put virus attacks to gain systems access. But, if the ERP systems are segregated, the damage cause by these types of attacks can be greatly minimized.

  1. Secure

Make sure that the company encrypt all the data during transit and storage, especially for important information. Stored in database would be greater too. Because this will ensure that if the data falls to the wrong hands, it will be virtually useless to them. In addition, if the right security tools are in place such as firewalls, windows defender, intrusion detection and prevention software, an antivirus software then the company stands a much better chance of knowing immediately if there is something wrong happening.

  1. Restrict systems access to Internet-Facing ERP’s

Most new ERP applications are now internet-facing, this will be relevant to cloud-based ERP. Having a cloud-based ERP can offer numerous benefits to businesses, but they should shield web-accessible ERP data from being compromised at all costs. Theu could sing a process known in the hacking community as Google Dorks (a fancy way to manipulating search engines to find hidden information on a website).

  1. Training

If the workers/users are taught how to spot whether something is wrong within the systems, as well to take immediately action to safe the data, there is a much better chance of spotting security breach before serious damage can be done. These practices should be put into place routines for the workers.

            But the important one is staying secure. Because while maintaining a secure ERP ecosystem is essential, there is no 100% solution that could stop these malwares attack because out there, there are many types of hackers that could still stole the data. With an increasing amount of important data, stored in various databases and organizations reliant on ERP software, it has never been more important for CTOs and CIOs to remain vigilant and educate themselves on ERP security to ensure their organization remains operational during a cyber-attack. As the time goes on, the company also need to keep updated the systems security.

References :

https://www.workwisellc.com/blog/rp-security-important-practices-for-keeping-your-erp-system-secure/

https://www.information-age.com/security-priority-erp-ecosystem-123468295/

https://www.softwareadvice.com/resources/erp-security-best-practices/

Marisa Karsen, Jovita Grace