Your ERP solution is a critical resource, containing sensitive information such as accounting and financial details, company policies and procedures, customer and lead lists, and bills of material. That makes it very important to keep your system protected from a cybersecurity perspective. In this article, we’ve outlined 4 simple steps you can take to keep your systems more secure.
- Ensure that your systems are up-to-date, patched, and protected
When people think of security incidents, many imagine hackers targeting their company specifically, probing their network the same way a burglar would “case” a house for a point of entry.
But in fact, many cybersecurity incidents are crimes of opportunity by malicious actors searching broad swaths of the Internet for unpatched systems that are vulnerable to common attacks.
To keep your systems protected, ensure that your IT personnel are treating your ERP infrastructure as a priority and maintaining standard security practices – applying security patches promptly, leveraging firewalls to ensure that services are not open to the Internet or unnecessary segments of your network, and monitoring log files for any unusual incidents.
If you’re using Bizowie Cloud ERP, you can check this one off your list right away – our robust, cloud-based infrastructure is managed by a team of expert engineers, 24 hours a day, 7 days a week. Security patches are automatic, and industry standard firewalls, intrusion detection systems, and other security measures are leveraged to ensure that only you have access to your data.
- Leverage two-factor authentication for added security at login
One of the biggest security clichés is the password written on a sticky note, but it’s a cliché for a reason. Stolen credentials are a common way for attackers to gain access to your systems, as they can be easy to obtain in an insecure environment via “phishing” attempts, credential reuse, and yes, the dreaded sticky note on the monitor.
Two-factor authentication makes the login process to your systems more secure by requiring that the user enter a “token” (generated on their phone or a special device) along with their username and password. Unlike a password, the token can only be used once, and only for a limited period of time. This ensures that even if a password is stolen, it can’t be used by an attacker who does not have access to the user’s phone or hardware device.
Bizowie Cloud ERP supports two-factor authentication out of the box. Current customers can search the Help Center for “Two-Factor Authentication” to learn how to enable this feature for their users.
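The two properties described above (a token expires quickly and works only once) can be seen in a small server-side check. This is an added example, not Bizowie's code or part of the original article; it assumes the tokens are standard TOTP codes (RFC 6238), and the `TotpVerifier` class, the drift window and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds a token stays valid (RFC 6238 default)
DIGITS = 6

def totp(secret: bytes, counter: int) -> str:
    """Token for one 30-second time step (HOTP truncation, RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

class TotpVerifier:
    """Per-user verifier (hypothetical name) enforcing expiry and single use."""

    def __init__(self, secret: bytes, drift_steps: int = 1):
        self.secret = secret
        self.drift_steps = drift_steps   # tolerated clock skew, in steps
        self.last_used = -1              # newest time step already accepted

    def verify(self, token: str, now: float) -> bool:
        current = int(now) // STEP
        for counter in range(current - self.drift_steps,
                             current + self.drift_steps + 1):
            if counter <= self.last_used:
                continue                 # step already consumed: replay
            expected = totp(self.secret, counter).encode()
            if hmac.compare_digest(expected, token.encode()):
                self.last_used = counter
                return True
        return False                     # wrong, expired, or reused token

if __name__ == "__main__":
    # Constructed sample: the published RFC 4226 test secret, not a real key.
    secret = b"12345678901234567890"
    v = TotpVerifier(secret)
    token = totp(secret, 59 // STEP)
    print(v.verify(token, now=59))    # first use inside the window
    print(v.verify(token, now=59))    # same token replayed
    print(TotpVerifier(secret).verify(token, now=150))  # token too old
```

Tracking the last accepted time step is what makes a captured token useless even within its 30-second window; the time check alone would still allow an immediate replay.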
- Lock down account access by IP address
Unlike installed solutions, cloud ERP systems provide a huge convenience for customers by allowing access from any location. However, that flexibility doesn’t need to be extended to every user. While this is a huge advantage for some users (territory sales teams, field service technicians), others don’t need access from outside your facilities (warehouse personnel, production floor employees).
By limiting user role access by IP address, you can ensure that some groups of users are not able to access the system when they’re not at work. This means that even if their account credentials are compromised, they cannot be used by someone who is not in your building.
In Bizowie Cloud ERP, this feature can be enabled from the Admin > Roles screen when creating or editing a User Role.
- Audit user role access regularly
To ensure the security of your data, maintaining “need-to-know” access to resources in your ERP system is critical. Users should be assigned permissions only for the features and functionality they need to do their jobs. This reduces risk from both compromised accounts and malicious actors among your employees.
Set a schedule for a member of your IT or information security team to review your roles on a regular basis, checking permissions to make sure roles have not been granted access to more than what they need.
In Bizowie Cloud ERP, our “Enter as User” functionality can be helpful for this type of audit, allowing security personnel to see the system as a particular user would.