Many resellers push ERP security as a key selling point when companies are looking for an accounting and finance solution for their businesses. After all, the reasoning goes, ERP systems are so complex that the vendors must put a lot of effort into their security. And, if their security is so great, your company won’t need to invest as much in its own cybersecurity.
Unfortunately, there’s a pervasive myth or misconception that ERP is all great and powerful, and that it can stop a cyberattack all on its own. While it’s true that security may be better in ERP systems than in other software, it is not true that the security built into your ERP system alone can halt all attacks.
Here are the common misconceptions about ERP and security, and the truths that truly make ERP an excellent solution for many businesses.
Common Misconceptions About ERP Security – and the Real Truth
Many misconceptions are based in truth, and that goes for ERP misconceptions, too. The following are common misunderstandings about ERP systems and the truth behind them.
- ERP is so secure you don’t have to worry about security when running it.
Truth: ERP offers exceptional security, particularly cloud ERP systems that offer the advantages of cloud security practices for backups and data encryption. However, if you’re running on-premises ERP solutions, you’ll need to update the system the same way as you would running any other on premises solution. This means installing updates and patches when prompted by notifications from the manufacturer. Such updates and patches are typically in response to known bugs or issues, and can go a long way toward improving the security of on-premises ERP.
- It’s okay to run ERP with single sign-on.
Truth: There’s a reason why ERP manufacturers offer two-factor authentication. About 51% of internet users’ time is spent using a mobile device. Mobile devices are easily lost, misplaced, or stolen. Imagine if your phone slips from your pocket while you’re in a cab in New York City, sitting down in a restaurant in Chicago, or entering a ride at Walt Disney World. What if an unscrupulous person picks it up? They may easily access all your important data, including data in your ERP system if you do not have two-factor authentication enabled. While it may seem bothersome to require it when signing onto the ERP system, turning it on company-wide can save you many headaches.
- You don’t need a VPN to remain secure.
Truth: Cloud ERP manufacturers proclaim its accessibility as a great reason to have the software, and it is indeed a wonderful feature, especially during this season of business uncertainty during the coronavirus pandemic. Businesses with cloud ERP had a much easier time transitioning to a telecommuting model than those that didn’t have such software in place. Yet logging into an ERP system without a VPN isn’t very secure. VPN stands for “virtual private network” and it keeps information confidential and secure when users log in. It makes it more difficult for hackers to steal log-in and personal data, among other things. It’s a smart move for companies to use a VPN when asking workers to log in from home.
A Secure ERP System: The Basics Start With You
A truly secure ERP system is one that starts with great software supported by smart, vigilant companies who take digital security seriously.
No one single ERP system is completely impregnable to cyberattacks. A few steps enacted by companies to ensure best practices are followed for digital security can go a long way to prevent costly attacks and data breaches.
Emerald TC provides software and consulting for manufacturing companies. We can help you choose the right ERP system for your needs. Contact us or call 678-456-6919 for more information.