Did you know that there is one simple step you can take that has the greatest impact on keeping your ERP software data secure? This single step will go a long way toward reducing the threat of cyber attacks on your business systems. You should implement this step before pouring money into other cybersecurity measures.
In fact, the greatest vulnerability of ERP software isn’t the system itself, but the employee who is using it. As we stated in our last blog, How to Keep Your Enterprise Resource Planning System Safe, “employees are the weakest link in system security.” The number one way to keep your ERP data safe is to educate your employees. Train your employees to understand the types of attacks they may face and how to address them. All it takes is one employee to take the bait for your entire system to be compromised.
You can reduce corporate risk by providing timely and repeated security awareness training. Include company security policies in new hire training. Be sure to pair training with testing. Employees learn best through mock scenarios. Use simulated attacks that are relevant to the employees’ daily jobs. Then provide feedback on what they did right or wrong. Here is some key training that should be included:
- Install updates regularly. Teach your employees to install updates to stay current on security enhancements. Critical updates are continually closing software vulnerabilities. We are always susceptible, but one way to stay safer is to not be as vulnerable as others. In many cases, hackers will go for the low-hanging fruit, so you don’t want to be the one who didn’t install the update.
- Don’t click on links in email unless you are very sure. Teach your employees to look at the actual http: address behind the link before they click on it. That will tell them if it’s going to send them to an unknown website. If they do click on the link and are told that they must install some software to read the file or do the download, they should stop! Before they allow anything to be installed on their system, they should verify with the sender that a) he/she sent it and b) it’s supposed to install something. If they do not know the sender, they should not even click on it.
- Read all URLs from right to left. The last address in the host name is the true domain. URLs presented as secure that don’t employ https are fraudulent, as are sites whose addresses begin with IP addresses.
- Check back with the sender if anything is out of the ordinary. Send a separate email (not a reply) or make a phone call to determine if the email is valid. In one real example, an IT manager supposedly sent an email to an employee explaining that an important update could not be done remotely, so a security firm had been contracted to help with the client installation. The 800 number provided actually went to the hacker, who then used GoToMeeting to get access to the employee’s system, browsed to an official-looking site, and downloaded and installed malware without the employee ever knowing. In this case, if the employee had been the least bit suspicious, he/she could have called the IT manager to make sure it was legitimate.
- Never provide account information or passwords through email. Phishing, like the example above, is the greatest security threat to your employees.
- Eliminate careless Internet browsing. Institute a policy that prevents certain sites from being accessed. This greatly reduces your chance of having your business’ security compromised.
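
The link checks from the list above (compare the visible text with the real target, read the host name right to left, flag non-https and IP-address links) can be shown in training as a short script. This is an added Python example, not part of the original post; the sample e-mail, the trusted domain example.com and all function names are constructed for illustration, and treating the last two labels as the true domain is a simplification.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample e-mail body; example.com is the assumed legitimate ERP domain.
SAMPLE_EMAIL = """<a href="http://erp.example.com.login-update.example.net/inv">https://erp.example.com/inv</a>
<a href="http://203.0.113.7/setup.exe">Install the viewer</a>
<a href="https://erp.example.com/help">Help centre</a>"""

class LinkCollector(HTMLParser):  # collects [real target, visible text] per <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def true_domain(host):
    """Read right to left: keep the last two labels (simplified; co.uk needs a suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_ip(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def check_link(href, text, trusted=("example.com",)):
    host = urlsplit(href).hostname or ""
    flags = [] if urlsplit(href).scheme == "https" else ["not-https"]
    if is_ip(host):
        flags.append("ip-address-host")
    elif true_domain(host) not in trusted:
        flags.append("untrusted-domain:" + true_domain(host))
    # If the visible text is itself a URL, it must name the same site as the target.
    shown = urlsplit(text.strip()).hostname if "://" in text else None
    if shown and true_domain(shown) != true_domain(host):
        flags.append("text-does-not-match-target")
    return flags

def review_email(html, trusted=("example.com",)):
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text, trusted) for href, text in collector.links}
```

Calling `review_email(SAMPLE_EMAIL)` returns one list of flags per link; the first link starts with the real ERP host name but, read right to left, belongs to example.net.
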
Don’t assume that your employees are aware of security threats. Your ERP software holds critical corporate information that could harm your business if its security is compromised. Implementing a comprehensive training program is the best step you can take for prevention.
Emerald TC has an experienced team of certified consultants, master developers and CPAs who specialize in accounting, business systems and ERP software. We understand your business and can help you solve the problems you face every day. Contact us if you would like us to work with you to find the right business processes for your company.