All posts by kaloyandimitrov

Six classic ERP system security problems – and how to avoid them

An enterprise resource planning (ERP) system is a must for every business. The need to store and access more and more data makes it impossible to operate without proper business software. Furthermore, the desire to access this information on the go means that most companies are choosing cloud solutions.

The benefits are countless – more efficient, decreasing costs, easier to maintain, just to name a few. The main problem that it poses is the increased risk of security breach – the privacy of the data that we store is at stake. This data has great value for our business and if it ends up in the wrong hands it may be used against us. To that end, it’s worth examining common ERP system security problems and what can be done about them to keep the system protected and well maintained.

Choosing the wrong ERP provider

Don’t let strong marketing and aggressive salespeople (or overly attractive prices) win you over. Vetting your ERP provider thoroughly is the key to understanding the functionalities and restrictions of your system.

Shop around and get at least three serious offers from reputable providers. Also, don’t be afraid to ask the providers you’re considering for references within your specific line of work. Furthermore, it is a good idea to ask directly the vendors why they consider their product safe or better in security aspect than the completion. You may not understand their answer but if you write everything down it is easy to investigate and even question the next provider over the answer of the previous one and so on. At least, you will be able to sense how comfortable they are discussing this topic.

Not keeping up with the technology

It isn’t uncommon that people think that once they have implemented their ERP system they are set for life. Technology is constantly improving to keep up with the ever-changing market and to meet new standards and requests.

If you don’t follow the technological developments, falling behind will be a given. Evaluate your need for a new ERP system and act accordingly. Check if the software will be updated regularly and if this is included in the pricing. Most cloud solutions do this and it is rapidly becoming an industry standard but that doesn’t mean you can count on it by default.

Not training your staff properly

People tend to get hyped about the cyber part of “cyber security” but they often don’t realize that actually, the weakest link in the system are humans. Well-meaning but uneducated and uninformed staff that regularly use an ERP system and handle sensitive data are probably the biggest security liability.

Don’t rush with going live with your ERP system. Give your staff enough time to get comfortable with it.

Also, rather than spending a lot on extreme cyber security measures, invest some time and money on educating your staff. They need to know how to handle their passwords, what to do with suspicious e-mail and hyperlinks and how to avoid giving a potential hacker what they need freely.

Disregarding necessary audits

Regular cyber security audits are a must. Think about them as regular check-ups at your doctors – if you detect something is wrong at the right time, you’ll have much fewer problems fixing it.

With a regular cyber security audit, you will be able to detect possible loopholes in your system but also catch security breaches relatively early. Latest research shows that, on average, a breach is being detected between six months to a year after it happens. During this period an intruder has access to sensitive information of the company. Doing a cyber-security audit twice a year is highly recommended if the company is big enough to be able to afford it.

Delaying software updates

Unfortunately, software updates take time. And when you’re doing business, time is often one thing you don’t have. That is why, more often than not, companies delay making regular updates of their software in general.

Keep in mind that software updates aren’t there to mess with you – software developers are doing them to fix bugs and weak spots. This means that if you don’t keep your software up to date, you’re potentially making it vulnerable.

Not keeping up with the growth of your business

As your business grows, you’ll inevitably add more and more devices to your ERP system. It won’t only be regular desktop computers in your office but tablets and mobile phones as well. You will also want to connect to your ERP system from anywhere, not just from your well-maintained, secure office network.

Make sure that your ERP system can keep up with this and try to always use secure networks. Don’t gamble with free Wi-Fi when you are trying to manage your business remotely.


A good ERP system can be a lifesaver when you’re doing business. But although it makes day to day work much easier, it does require that you take care of it properly.

If you’re feeling overwhelmed, don’t be afraid to seek professional help. In the end, when you consider the time, risks and effort, a professional who knows what they’re doing will probably save you more money than you’ll end up paying them.