CFOs and Financial Controllers know how important the privacy of their ERP information is. Commonly, they rely on ERP built-in reporting features and Excel to report and distribute information to decision-makers, but is that a secure way to prevent data from getting into the wrong hands?
Human Data Leaks
Sophisticated hacking stories make the headlines, but the reality is that most data leaks in mid-sized companies come from human error.
Many data leaks originate with a company’s own staff: an employee accidentally shares a critical Excel or PDF report with the wrong people (the ‘oops email’), malware on an infected computer exposes data, a password written down on a post-it is seen by the wrong people, or a disgruntled employee sells the company’s data.
These potential dangers can be minimized through ongoing communication and training about the company’s data privacy policies and best practices. Employment contracts should also lay down severe consequences for breaching such policies, and those consequences should be emphasized in ongoing communications.
Another potential source of data leaks is the poor security setup of your ERP system and its reporting engine. Security is often a multi-layer process that may take considerable investment to implement. Unfortunately, it’s not uncommon to find systems that are not keeping up with the latest security threats and vulnerabilities.
Technology Reducing Data Leaks
The following security best practices can help prevent human error from exposing sensitive data, or even catch breaches early on:
- Multi-factor authentication is a ‘must-have’ when accessing critical digital assets.
- Enforcing complex passwords (at least 12 characters long). The National Institute of Standards and Technology (NIST) has recently revised its guidelines for passwords. The following blog is a good summary and links to further details: https://www.infosecurity-magazine.com/blogs/nist-password-guidelines/.
- Enterprise-grade password managers. When well adopted, these can stop people from creating insecure passwords and break the habit of writing passwords down on paper or in unencrypted files.
- Reputable identity provider systems that provide single sign-on (SSO). SSO removes friction when logging on to systems and reduces administrative overhead by centrally managing changes to user access (e.g., if someone leaves the company, their access to all digital assets can be blocked from a single place).
- ERP and reporting systems that provide easy ways to monitor how users are consuming data and reports. This is an area where many ERP systems and their reporting tools are still limited. It can get even more challenging to control data security when companies share reports via stand-alone files such as Excel and PDF.
First of all, there’s nothing wrong with Excel – it’s a great and flexible tool!
“Excel hell” is a common term for the use of stand-alone tools (like Excel) to tackle complex reporting needs. Here are some common “Excel hell” issues related to data security and privacy:
- Who created the report?
- How can we prevent people from sending reports to the wrong recipients?
- Was a device (without an encrypted HD) stolen with sensitive data on it?
- How can we give external users (like board members or partners) access to their relevant data securely?
- How can we prevent people from accessing reports that they are no longer entitled to access (even past ones)?
- How can we prevent people from storing reports or downloading data to unauthorized devices that are not protected by the security policies (or at least make it harder)?
Enterprise Reporting Platforms
When companies begin to review their data privacy, they often realize that the built-in reporting features in their ERP and tools such as Excel are actually contributing to potential data breaches.
Here’s a summary of how Enterprise Reporting Platforms add value for data security:
- A centralized way to manage secure access to all data for reporting (not only ERP).
- Centralized and easy ways to monitor report data usage. It becomes easy to spot if someone is consuming data they are not supposed to.
- Secured and self-service report consumption, along with centrally managed mechanisms for report distribution (no more “oops emails”).
- Integration with active directory, single sign-on, and multi-factor authentication.
- Security settings that prevent users from accessing and downloading data to their local computers (or at least make it harder).
- Segmentation of data structures to prevent lapses in security; for example, segmenting payroll users into a portion of the reporting platform that no other users have access to, making it impossible to accidentally add someone from another department into the payroll section.
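
As an added illustration (not DataSelf's code and not part of the original article), the check below shows what centralized usage monitoring combined with segmentation makes possible: every report access is compared against a time-bounded entitlement for its segment. The audit log format, user names, segment names and entitlement table are all constructed assumptions.

```python
from datetime import date

# Constructed entitlements: (user, segment) -> (granted, revoked or None).
ENTITLEMENTS = {
    ("alice", "payroll"): (date(2023, 1, 1), None),
    ("bob", "payroll"): (date(2023, 1, 1), date(2024, 3, 1)),  # moved teams
    ("bob", "sales"): (date(2023, 1, 1), None),
    ("carol", "sales"): (date(2023, 6, 1), None),
}

# Constructed audit log: day,user,segment,report,action,managed_device
AUDIT_LOG = """\
2024-02-10,bob,payroll,salary_summary,view,yes
2024-03-15,bob,payroll,salary_summary,view,yes
2024-03-16,carol,payroll,salary_summary,view,yes
2024-03-17,alice,payroll,salary_summary,export,no
2024-03-18,carol,sales,pipeline,export,yes
"""

def entitled(user, segment, day):
    """True if the user held an entitlement to the segment on that day."""
    window = ENTITLEMENTS.get((user, segment))
    if window is None:
        return False
    granted, revoked = window
    return granted <= day and (revoked is None or day < revoked)

def review(log_text):
    """Return (line_no, user, report, reason) for each access needing review."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        day, user, segment, report, action, managed = line.split(",")
        if not entitled(user, segment, date.fromisoformat(day)):
            # Distinguish "access outlived the entitlement" from "never had one".
            known = (user, segment) in ENTITLEMENTS
            reason = "outside-entitlement-window" if known else "no-entitlement"
            findings.append((n, user, report, reason))
        elif action == "export" and managed != "yes":
            # Entitled user, but the data left for a device outside policy.
            findings.append((n, user, report, "export-to-unmanaged-device"))
    return findings

if __name__ == "__main__":
    for finding in review(AUDIT_LOG):
        print(finding)
```

With stand-alone Excel or PDF files there is no such log to review, which is why the entitlement check has to happen in a central platform at the moment of access.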
At DataSelf, we’re proud to offer a mature Enterprise Reporting Platform that has been helping companies take their security and privacy to a Fortune-2000 level quickly and inexpensively. DataSelf leverages MS SQL data warehousing coupled with our latest DataSelf ETL+ technology, Tableau, Power BI and Excel. The platform may be deployed on-premises or leverage our AWS and Azure cloud frameworks.