As mobile devices proliferate, companies using ERP need to deal with them. Whether you want to have a BYOD environment, or the company issues tablets or smartphones to some employees, mobile devices are out there and you have to adapt to them.
This means setting and enforcing clear policies on what is acceptable use in your ERP environment. Depending on your choices, these policies can be simple or complex, but they need to be set before mobile devices start proliferating in your company.
Your company mobile policy needs to be written down and communicated to everyone. This is true whether your policy is to ban mobile devices totally, or allow BYOD, or anything in between.
Your mobile policy needs to spell out what is acceptable use of your company’s resources. This includes what sites may be visited and what can be done using the devices and network.
You will probably want to get legal advice in drawing up your mobile policy. The ins and outs can be tricky and have legal implications, so it’s important to have your proposed policy checked out before implementing it.
One of the problems with mobile devices is that they greatly increase the attack surface of your ERP system. In other words, mobile provides more avenues for bad guys to compromise your system. This is particularly important if you have an ERP system, since so much business-critical information is stored in one place.
This isn’t necessarily a guarantee of trouble, but it does mean you have to make sure the possible avenues of attack are closed.
At the operational level, start by making sure you have effective basic security policies in place.
A basic element is a strong password policy. Every account should be protected by passwords or other authentication measures (such as fingerprints), and the passwords should be changed regularly. Make sure your users use combinations of letters, numbers and punctuation marks to protect their accounts. You also need to make sure that everyone protects their passwords and doesn’t share them or otherwise give them out.
Encrypting passwords and other important information is another good idea. So are firewalls around sensitive data.
Set your policies to limit access to information to as few people as possible, using access lists to segregate users by the functions they are allowed to use.
It is also important to protect the underlying systems. Keep up on current patches and bug fixes to your operating system, network and storage and be sure to install patches and updates in a timely manner.
Again, this isn’t different from a system that doesn’t allow mobile access, but the added factor of mobile access makes all these things doubly important.
User education plays an important part in keeping your system secure as well. Most attacks involve some level of social engineering, where the bad guy tricks someone into giving out compromising information, or even system access. These sorts of problems can’t really be prevented by technical barriers, but they can be stopped by alert and aware users who know the company’s security policies and follow them faithfully.
You should remind users of their security duties regularly with emails and additional training classes to make sure security awareness stays high.
The key to security for a mobile ERP system is at bottom the same as for any system. Have a set of acceptable security policies in place and make sure that they are rigidly adhered to.