Managing security threats for your ERP

Over the course of the quarter, we’ve seen how an ERP system integrates the various departments while maintaining silo walls within an enterprise. Having a successful system in place not only ensures effective data sharing, but also eliminates inefficiencies in an enterprise’s day-to-day operations. Implementing an ERP system can be quite complicated, and there have been well-documented cases where implementations went over budget, ran over schedule, or did considerable business damage. One of my earlier blog posts covers some well-known disaster stories.

While successfully completing an implementation is certainly a reason to celebrate, the work doesn’t end there. When your entire enterprise relies on the system for its financial and operational functions, the security of that system becomes a top priority. In fact, a couple of months ago, the U.S. National Counterintelligence and Security announced that it will share classified security threat reports with critical telecommunications, energy, and financial businesses in the U.S. These threats target the supply chain by attempting to hack and manipulate ERP/supply chain software systems in order to disrupt operations and/or steal enterprise data.

While this piece of news sounds serious enough, there are some basic guidelines that all organizations can follow. Based on ERP Software Blog, below are some risks to watch out for and how to manage them:

  • Outdated and unsupported software. Using outdated software can lead to integration and compatibility problems, but not updating software also means that the system is open to software security vulnerabilities. Updating software as soon as new security patches become available makes it harder for hackers to gain entry.
  • Technical personnel have access to make large-scale changes to program behavior. Oftentimes, security is focused on external threats and end-user security and permissions. But controls should also be placed on the developers of the ERP software/system so that technical staff cannot make unauthorized changes that can drastically change the behavior of the system or interfere with the business data.
