Cybersecurity is a hot topic. Despite this, most don’t consider that their digital transformations may be creating a cybersecurity threat.
Recent security breaches at Under Armour, Target, Marriott, and other well-respected companies have caught the attention of CIOs. After all, if large companies with world-class resources at their disposal experience such breaches, what does that mean for smaller, less mature organizations?
It’s a question on a lot of people’s minds. A session on cybersecurity was the highest rated session at our recent Digital Stratosphere ERP conference. Though the topic creates a lot of interest, not enough organizations are well-versed or mature in their ability to ensure that their digital transformations don’t end up increasing cybersecurity threats.
Here are a few things to consider related to cybersecurity as you embark on your digital transformation:
Your company’s core systems and data is exposed to potential cybersecurity threats each time you integrate with a third-party system. Even if your back-office ERP, CRM, or HCM system is completely locked down, it doesn’t mean that this security necessarily extends to other systems you might integrate with. It is important to have a complete view of where data and security breaches could occur across multiple systems.
Since cloud ERP is reaching the tipping point of adoption, more people are becoming concerned with cyberattacks on hosting providers. With this in mind, it is important to fully assess your cloud provider’s security capabilities and standards to ensure your data is not exposed to potential threats.
Unfortunately, even the most sophisticated ERP system won’t solve your cybersecurity threats. After all, internal employees are the most common culprits of cybersecurity threats. It is important to create awareness, education, and training for your employees to ensure that they are focused on protecting your company’s cybersecurity and data assets. Cybersecurity should have its own organizational change management strategy and plan.
It is also important to ensure that you have carefully vetted security and access profiles for each of your employees. In addition to ensuring that you have addressed required internal controls and regulatory requirements, you also need to make sure that you are not unintentionally creating opportunities for your employees to compromise your cybersecurity. Your IT, internal control, and risk management teams should all be involved in defining security profiles for your employees.
There are a number of ways to mitigate the cybersecurity risks outlined above. Strategies include cybersecurity awareness training, aggressively trying to expose potential breaches as part of your overall testing and deployment plans and creating a cybersecurity center of excellence.
There are a host of other strategies and tactics at your disposal, which our data and cybersecurity team would be happy to discuss with you. Contact me to arrange a time to discuss – we would be happy to be a sounding board!