A new year brings the reminder to set new goals, both personally and professionally, but does that include protecting the privacy of your data? Data Privacy Day is a day to raise awareness and promote privacy and data protection best practices.
Millions of people are unaware of and uniformed about how their personal information is being used, collected, or shared in our digital society.
That's why we're sharing common causes for data leaks and how to prevent them:
ERP Reporting Data Security
CFOs and Financial Controllers know how important the privacy of their ERP information is. Commonly, they rely on ERP built-in reporting features and Excel to report and distribute information to decision makers, but is that a secure way to prevent data from getting into the wrong hands?
Human Data Leaks
Sophisticated hacking stories make the headlines, but the reality is that most data leaks in mid-sized companies come from human error.
Many data leaks happen due to a company’s staff, for example, an employee accidentally sharing a critical Excel or PDF report with the wrong people (the ‘oops email’), data exposure caused by malware on an infected computer, or even disgruntled employees selling the company’s data.
These potential dangers can be dramatically minimized by having clear and ongoing communication about the company’s data privacy policies and best practices and employment contracts laying down severe consequences for breaching such policies and emphasizing them during the hiring process.
Another potential source of data leaks is poor security setup of your ERP system and its reporting engine. Security is often a multi-layer process that may take considerable investment to implement, unfortunately, it’s not uncommon to find systems that are not keeping up with the latest security threats and vulnerabilities.
Technology Reducing Data Leaks
The following security best practices can help prevent human error from exposing sensitive data, or even catch breaches early on:
- Enforcing complex passwords (at least 12 characters long). The National Institute of Standards and Technology (NIST) has recently revised their guidelines for passwords.
- Enterprise-grade password managers. When well embraced, this can eliminate people from creating unsecured passwords and getting people out of the behavior of writing down passwords on paper or on unencrypted files.
- Reputable identity provider systems that provide single sign-on (SSO). SSO eliminates friction points to log on to systems and reduces the administrative overhead by centrally managing changes to user access (i.e. if someone leaves the company, a single place can block their access to all digital assets).
- Multi-factor authentication – a ‘must have’ when accessing critical digital assets.
- ERP and reporting systems that provide easy ways to monitor how users are consuming data and reports. This is an area where many ERP systems and their reporting tools are still limited. It can get even more challenging to control data security when companies share reports via stand-alone files such as Excel and PDF.
There’s nothing wrong with Excel – it’s a great and flexible tool! “Excel hell” is a term used to express the use of stand-alone tools (like Excel) to tackle complex reporting needs.
Here are some common “Excel hell” issues related to data security and privacy:
- Who created the report?
- When was the data refreshed?
- How much time is being spent in validating who should receive the reports?
- How can we prevent people from sending reports to the wrong recipient?
- Was a device (without an encrypted HD) stolen with sensitive data on it?
- How can we give external users (like board members or partners) access to their relevant data securely?
- How can we prevent people from accessing reports that they are no longer entitled to access (even past ones)?
- How can we prevent (or make it harder) for people to store reports or download data to unauthorized devices not protected by the security policies?
Enterprise Reporting Platforms
When companies begin to review their data privacy, they often realize that the built-in reporting features in their ERP and tools such as Excel are actually contributing to potential data breaches and it can be challenging to enforce and manage data privacy while providing methods for the reporting requirements.
Here’s a summary of how Enterprise Reporting Platforms add value for data security:
- Centralized way to manage secure access to all data for reporting (not only ERP).
- Centralized and easy ways to monitor report on data usage. It comes easy to spot if someone is consuming data they are not supposed to.
- Secured and self-service report consumption, along with centrally managed mechanisms for report distribution (no more “oops emails”).
- Integration with active directory, single sign-on and multi-factor authentication.
- Security settings to prevent (or make it harder) users from accessing and downloading data to their local computers.
- Segmentation of data structures to prevent lapses in security; for example, segmenting payroll users into a portion of the reporting platform that no other users have access to, making it impossible to accidentally add someone from another department into the payroll section.
DataSelf offers a mature Enterprise Reporting Platform that has been helping many companies take their security privacies to a Fortune-2000 level quickly and inexpensively. Leveraging MS SQL data warehousing coupled with their latest DataSelf ETL+ technology, Tableau, Power BI and Excel, their platform may be deployed on premises or leveraged with their AWS and Azure cloud frameworks.
Click the button below to learn more about DataSelf
and how their platform can accelerate your business!