Too many South African businesses have been apathetic about cybersecurity for too long and recent events should serve as a loud wake-up call. A string of data breaches over the past few months has resulted in the personal information of thousands of individuals being exposed. Businesses must ensure that they have taken every precaution to ensure proper information security throughout their IT infrastructure to avoid leaving their ERP systems vulnerable to an attack.
The cost of a breach
The most recent victim to make headlines, financial services provider Liberty Life, spared no resources in investigating the extent of the breach and the methods used to compromise its systems. The purpose of the attack was extortion as the culprits demanded payment in exchange for withholding the stolen data. Liberty chose not to pay as there was no guarantee that the hackers wouldn’t leak the data anyway, or return later with greater demands.
Nevertheless, the incident has been exceedingly costly for the company and the final bill may never be known. Liberty’s share price fell by 4.3% in the immediate aftermath of the breach, wiping out roughly R1.5 billion, but the damage to brand reputation and the loss of potential revenue is far more difficult to tally.
Protect your business
Given how comprehensive an ERP system is, and the level of functionality it affords, it’s vital for it to be kept safe from such an intrusion. There are numerous concrete measures you can take to mitigate threats to your ERP solution and the often-sensitive data it depends on. And it begins with securing your network.
- Every computer in your IT ecosystem should have up-to-date antivirus software. It’s also necessary to have a firewall, intrusion detection and prevention in place, as well as threat monitoring. All these serve to ensure that your perimeter security comprises a formidable first line of defence from external threats.
- Staff are an important part of that ecosystem and can be a major in-house risk factor. User privileges must be the focus of attention as full access rights and permissions should never be a default provision. It’s best to apply a “need to know” policy and only grant access rights to data (which should be encrypted) and permissions to make system changes when appropriate. Staff also need adequate training in the ERP system and the basic principles of cybersecurity such as the importance of using strong passwords and how to recognise phishing.
- Updates for your ERP software must be installed as soon as they become available to stay abreast of the latest tactics employed by criminals and close any security gaps that the software provider has identified.
- Unauthorised systems and the practice of “frankensteining” business software must be avoided, but a truly comprehensive ERP system will provide all the functionality your business requires. So there should be no need for additional software that multiplies risks by storing data in multiple places.
The SynergERP advantage
The Sage Business Cloud Sage X3 product suite offers complete solutions with solid information security for your cloud-based ERP data. SynergERP, strengthened by its partnership with SynergIT, is a provider you can count on to support your business with layered network security measures, robust software that’s properly configured for your unique business needs and guidance you can depend on to keep the cybersecurity risks in your IT ecosystem to an absolute minimum.
To learn more about the strengths that you can pass on to your business, download our Sage X3 guide.