By Jesper Zerlang, CEO, LogPoint
As National Cybersecurity Awareness Month comes to a close, it is the perfect time to reflect on what it means to be “cybersmart.” With the threat landscape evolving and the endless solution offerings to consider for protection, becoming cybersmart means learning to balance strong security with day-to-day business operations.
While Enterprise Resource Planning (ERP) systems are beneficial to organizations due to their simplicity of gathering all administration data into one place, they are also a tremendous cyber risk. ERP systems are used to gather administrative assets in one single application, which allows a business to better manage their operational processes. However, if a system gets compromised, the hacker will have gained access to some of the most valuable assets within an organization. So, how can companies balance security and operations?
Understanding ERP Security and Why It’s Important
While it is at an elevated risk for cyber threats, ERP security is often overlooked. Furthermore, an attack on ERP systems can have a devastating impact on business operations, resulting in financial and reputational losses. Because of the complexities of ERP systems, it makes them difficult to monitor and maintain through the organization’s overall security protocols. Coupled with a general lack of education around ERP system security, these likely unpatched, interconnected systems make for a prime target for hackers.
Creating a strong security plan for ERP systems can make a major difference in mitigating common cyber threats. This should include foundational security measures such as infrastructure security, network security, operating system security and database security. It is also critical that the system is securely setup, covering the secure configuration of servers, enablement of security logging, security in the system communication, and data security.
Best Practices to Establish and Maintain ERP Security
As with enacting other security protocols, securing an ERP system takes education and practice. Businesses must first establish appropriate controls by implementing an ERP security solution and integrate it into the rest of their security operations.
However, being cybersmart entails staying up-to-date on current issues inside and outside the organization and understanding that depending on the severity of the threat, the entire organization may be impacted – from executive level to daily ERP users. This means that education and communication can go a long way in protecting the system.
- Teach safe and adequate password hygiene. Understanding that outdated and weak passwords pose a significant threat to an organization is critical. Practicing safe and adequate password hygiene and ensuring employees are properly trained on password safety is a crucial step in protecting the ERP system. Organizations may prevent a superuser’s compromise by educating employees, having two-step verification, or incorporating more frequent software and security updates.
- Be transparent and communicative. It’s essential to keep everyone in the loop to run an appropriately informed and well-updated organization. Communicating potential threats and ensuring employees are in the know about any risks associated with their responsibilities can add another layer of protection and diligence for the organization. Being strict and transparent is precisely what can keep intruders out of sensitive data.
- Protect against external risks. Beyond internal risks, it’s important to stay secure from external adversaries, and the best way to do so is by using an ERP security solution. The strongest ERP security solutions offer a variety of tools to protect an organization’s data, including exploitation and fraud detection, data integrity, unauthorized access identification, continuous and automated audits, data leak detection and centralized secure monitoring. The right ERP security solution can not only monitor system settings, but can also monitor patch or authorization management or remote function call (RFC) communication.
- Invest in technology. Today’s technology has come so far in the fight against cyber threats. Integrating security monitoring to a centralized security information event management (SIEM) solution can add another protective layer to the ERP system and drastically add value in the areas of cybersecurity, IT operations, and system compliance. This integration offers near real-time monitoring of ERP events and information to keep organizations in the know about what’s happening with their ERP system data.
Historically, ERP security has been centered around identity management, access control and authorizations managed by the finance department. ERP security is rarely a collaborative effort with the cybersecurity team, who is tasked with managing security throughout the wider company infrastructure. This isolates ERP security from the company’s overall cybersecurity posture, leaving ERP security without the competencies of the larger security team. Integrating ERP security data into the SIEM, operated by the cybersecurity department, is an important step in ensuring a holistic view on security within the enterprise.
Being cybersmart is more than just adoption
Organizations who are considered cybersmart are constantly thinking ahead and staying aware of the threats that are impacting their internal and external communities. Not only are they identifying and adopting best practices that protect their data, but they are also educating and communicating to their employees about how these risks can be avoided, identified, and responded to. This type of awareness and proactivity is how organizations stay ahead of hackers and become one step closer to calling themselves “cybersmart.”
