New digital technologies, like AI and IoT, are augmenting the business intelligence provided by ERP software. While this business intelligence helps organizations improve the customer experience, it also presents new data security challenges. With great business intelligence comes great responsibility.
Better customer intelligence is generally beneficial to both the organization and the customer, but sometimes, it can be a burden. For example, a data breach can cost your organization millions in legal fees and lost business. You may also lose customers if they feel their privacy is threatened, not by a security breach, but by how you choose to use their personal data. Mitigating these risks requires an understanding of potential security threats and applicable compliance issues, such as HIPAA and GDPR.
How can you be proactive in identifying risks while still supporting revenue-generating initiatives across your organization? Here are four tips for enabling an innovative, but vigilant, ERP implementation team:
Evaluate your organization’s culture.
A customer-centric culture promotes data security because it encourages employees to listen to customers’ data privacy concerns and share them with executives. Let’s say you’ve implemented a new CRM system, and several customers are expressing privacy concerns. Your ERP implementation team should be the liaison between customer service reps and executives to establish a data management process and define security standards.
It’s important to develop a change management strategy that promotes a culture where data security is the responsibility of everyone in the organization. ERP software integrates data across the organization, so several departments likely have access to customer data. Improved data access is essential to digital transformation, so restricting data access isn’t the answer – better security is.
Understand the role of the chief information security officer (CISO).
Your CISO can enable your digital strategy by leading cultural changes, such as encouraging open communication and prioritizing education. In terms of education, CISOs should regularly host cyber security trainings and provide educational materials in a variety of formats multiple times per year. Cyber security training is also an essential pre-implementation activity.
Open communication is especially important between the CISO and other executives. By scheduling regular meetings with privacy and legal teams, CISOs can build strong relationships across the organization. A foundation of trust makes it easier for CISOs to prove the value of data security by presenting credible data and suggesting possible next steps. This proactive approach is enabled by predictive analytics – CISOs should use business intelligence to protect business intelligence.
Develop strong governance processes.
Your CISO needs complete visibility into the organization’s supply chain and ERP selection process, so they can evaluate new technology from a data security perspective. By developing a vendor management program, CISOs can keep tabs on various ERP vendors and their associated security risks. Predictive analytics is useful here as well. It enables CISOs to quickly detect when an implemented system violates the organization’s security profile. Even the top ERP systems in your industry may have vulnerabilities.
Strong governance processes also help ensure legal compliance, especially with the International Organization for Standardization’s (ISO’s) IT security management standards. A security solution, like HyTrust, can serve as a compliance litmus test.
Be especially wary of IoT security.
The internet of things (IoT) plays a major role in ERP implementations for many organizations. Industry analysts predict that IoT and ERP will become an increasingly popular combination. IoT improves data insights and operational efficiency, so it’s not hard to see why organizations are drawn to it. If you’re considering integrating IoT with your ERP system, there are several security concerns of which to be aware.
IoT devices are vulnerable to cyber attacks because they communicate with other internet-connected devices, making them prime targets for hackers who want access to multiple data sources. IoT devices aren’t only a convenient target; they’re also an easy target – most organizations aren’t prepared for an attack and don’t have adequate protections in place. They don’t realize that a device managed by a third party may not have the same level of security as technology hosted on-premises.
A lack of due diligence on the part of the IoT provider is another reason hackers target IoT. Hackers know that many IoT providers haven’t taken the time to enhance their security as they were too eager to get their devices to market before competitors.
How can a CISO protect customer data stored and/or collected by an IoT device? One option is implementing an IoT device management platform, such as Amazon Web Services. These platforms enable you to install crucial software updates on all your IoT devices. Your ERP project team can also protect data by designing optimized business processes that reduce errors.
Convincing Your Boss to Invest in ERP Data Security
It’s not easy to prove the ROI of cyber security. Justifying the investment requires an understanding of the threat landscape, attack probability and potential losses. With this information, you or your CISO can convince executives that ongoing cyber security is necessary to support the organization’s goals.
The implementation of a new ERP system is a great opportunity to discuss cyber security with executives. New technology brings new security threats which need to be addressed if you want to realize value from business intelligence and customer data. Consider hiring an ERP consultant to help you develop a cyber security business case.