Select Page
Electronic Signatures (eSignatures) in SYSPRO

Electronic Signatures (eSignatures) in SYSPRO

A “Signature” SYSPRO Admin Tool

Electronic Signatures (also referred to as eSignatures) is one of SYSPRO’s most powerful administrative tools. It allows you to audit and monitor transactional data against any type of event you can imagine throughout SYSPRO. In addition, it also includes “trigger” features where you can have certain events execute custom scripts, send email messages, or invoke custom reports. This section of SYSPRO has several layers of functionality. Explaining it all is difficult, so we have highlighted below some of the key features that eSignatures have and how you can use them to improve your SYSPRO experience.

Signature eSignature SYSPRO Admin Manufacturing Tool

Auditing Capabilities

The most used feature of eSignatures would be the auditing capabilities that they possess. If you have used SYSPRO for a good amount of time, you may have come to find that it is hard to track down “who did what” and “when did it happen”. SYSPRO does not natively keep much information on file about who is committing changes to the system.

For instance, by default in SYSPRO, you will have a hard time figuring out who created that one purchase order, who completed that job prematurely, or who modified the price of that sales order line. eSignatures exist to solve exactly that!

In the Electronic Signatures Setup program, you can browse on any type of event across all SYSPRO modules. Against each of these specific events, you can set up access levels, custom triggers, and detail logging of key data points relating to these events when they take place throughout SYSPRO. As an example, under the “Sales Orders” module, you can add a logging condition against the “SO add sales order” transaction to keep a log of any operator who creates a sales order in SYSPRO.

Each time a sales order is created, a log entry is then stored in the database with details about who created the sales order, when they created it, and which details the sales order was created with. You can query eSignature event logs by using the eSignature Query program later for auditing purposes.

eSignatures in SYSPRO

Additionally, there are also “e.net” type transactions for the same events that track when business objects perform these events. These can be extremely helpful if your environment uses any third-party products or custom business object implementations. There are otherwise no other efficient ways in SYSPRO to monitor or track changes that are committed by business objects unless your custom integrations have been programmed to track it themselves.

SYSPRO eSignature Triggers

Triggers can be configured against an event to perform a certain action. Contrary to the logging, these are helpful if you are looking to perform an additional action when an event takes places. When setting up an eSignature Trigger, you can choose between the following trigger action types:

  • Email
  • Run a VBScript
  • Run any program
  • Run any application
  • Write to message inbox
  • Run an SRS report

You can probably already start to imagine the countless things these could be useful for. For instance, perhaps you want to receive an email whenever a new customer is created in SYSPRO. Maybe your programmer wants to run a script and perform a given activity if the event was triggered by a specific operator, roles, or group. Or maybe, you want to run an entirely custom-built program and pass it the sales order number that was just created and captured by the eSignature.

These details only scratch the surface of what is possible with eSignatures in SYSPRO. There are several additional features within this section of SYSPRO that may be worth your time to investigate and get familiar with as they can take your company’s SYSPRO experience to the next level.

Your SYSPRO Autograph

Electronic Signatures (eSignatures) emerge as a cornerstone of SYSPRO’s administrative arsenal, delivering robust functionalities to enhance the overall user experience. The auditing capabilities stand out as a pivotal feature, addressing the longstanding challenge of tracking changes within SYSPRO. By meticulously logging key data points related to various events across modules, eSignatures enable users to easily trace actions, such as the creation of purchase orders or modifications to sales order prices. The Electronic Signatures Setup program empowers users to establish access levels, custom triggers, and detailed logging, offering a comprehensive solution for auditing purposes.

Furthermore, the versatility of eSignature triggers adds another layer of efficiency, allowing users to configure actions such as sending emails, running scripts, or generating custom reports in response to specific events. As we delve into the intricacies of eSignatures, it becomes evident that the possibilities extend beyond the surface, with additional features waiting to be explored. By investing time in understanding and leveraging the full potential of eSignatures, businesses can elevate their SYSPRO experience, ushering in a new era of efficiency and control.

Frenetic to Kinetic: 5 Tips for Epicor Kinetic Upgrades

Frenetic to Kinetic: 5 Tips for Epicor Kinetic Upgrades

Transforming ERP Upgrades into Smooth Operations

As your manufacturing company considers upgrading its current Enterprise Resource Planning (ERP) system to Epicor Kinetic, the prospect of navigating potential challenges and complexities might seem daunting. However, with the right approach, this transition to advanced enterprise software can be a smooth and beneficial process for your organization.

Epicor Kinetic Upgrades ERP Project

Preparation for ERP Upgrade Team Success

Begin by thoroughly preparing for the transition to Epicor Kinetic. Evaluate your ERP needs, customize the solution to align with your requirements, and identify any redundant aspects of your current system. Gain a comprehensive understanding of Kinetic’s new features and formulate a detailed upgrade plan tailored to your company.

Utilize Documentation for a Stress-Free Epicor Upgrade

Leverage available documentation and industry best practices to make the upgrade to Kinetic a stress-free experience. Conduct an initial consultation to walk through the planning and upgrade process, ensuring your team is well-informed and prepared for the transition.

Adopt a Three-Stage Approach to All ERP Upgrades

Implement a three-stage approach to streamline the upgrade process. Develop checklists, tools, and data fixes that align with the flexibility and customization needs of your current system. This approach minimizes disruptions and ensures a seamless transition during each stage of the upgrade.

Harness the Power of ERP Upgrade Tools

Prior to your upgrade, use tools to identify necessary customizations and anticipate potential obstacles. Post-upgrade, utilize tools to understand your new configurations and operating system. This analytical approach enables your team to make well-informed decisions throughout the transition. Software is alive, and Epicor Kinetic upgrades often become part of a holistic digital transformation process, and the abundance of tools will help your team optimize every digital step. 

Invest in Employee Learning for Optimal Performance

Maximize the performance of your updated system by investing in employee learning. Develop a comprehensive training plan to ensure that your staff can fully utilize the functionality of the new Epicor Kinetic system. Proactively schedule training sessions to facilitate a smooth transition and enhance overall workflow and productivity.

By adopting these strategies and focusing on internal capabilities, your manufacturing company can smoothly transition to the Kinetic upgrade. Navigate each step with careful planning, industry knowledge, and a commitment to optimizing your ERP system for enhanced efficiency and productivity. Embrace the benefits of a newly customized system without hesitation, and position your company for success with Epicor Kinetic.

Totaled Tip: Choose Your ERP Cloud Wisely So You Don’t Crash

When considering the Epicor Kinetic upgrades, businesses often find themselves deliberating between the private cloud deployment and the Software as a Service (SaaS) web-browser version. The private cloud option provides companies with a dedicated environment, offering greater control over customization, security, and data management. It is an ideal choice for organizations with specific compliance requirements or those seeking a tailored solution. On the other hand, the SaaS web-browser version, being a cloud-based option, offers flexibility and accessibility. With this model, businesses can benefit from reduced infrastructure costs, automatic updates, and seamless scalability. The decision between private cloud Kinetic and SaaS depends on factors such as organizational needs, preferences, and the level of control desired. While private cloud ensures a more personalized approach, SaaS brings the advantages of convenience and agility in adapting to evolving business requirements.

Are you looking for help with Epicor Kinetic upgrades and updates?

Chat with us now for immediate help, or schedule a free introductory consultation with one of our Epicor experts.

ChatGPT Security? Tell Me About Your Motherboard

ChatGPT Security? Tell Me About Your Motherboard

ChatGPT security concerns reveal that business owners are hesitant to let AI replace humans.

In November 2022, OpenAI introduced ChatGPT, an artificially intelligent, natural language chatbot. ChatGPT interacts with its users in uncannily humanistic and intelligent ways. 

ChatGPT Security EstesCloud

ChatGPT (Conversational Generative Pre-trained Transformer) is a new type of artificial intelligence technology that is being developed to improve the way people interact with machines. While it is intended to provide faster and more intuitive responses to queries, it also carries potential security risks, especially for business owners. 

The main concern is that, due to its complex nature, it could result in the loss of private data at great cost to companies and their employees. Furthermore, the technology could lead to a lack of control over data and give hackers the power to manipulate user behavior. This could be particularly damaging to those who rely on personal data to make decisions, such as financial services.

Additionally, ChatGPT could potentially cause unintended consequences, such as decreased privacy, as well as a lack of transparency. Therefore, it is essential to understand the implications of this technology before it is put into use.

The capabilities of ChatGPT and other Artificially Intelligent (AI) platforms are truly astounding. Users can ask ChatGPT questions and expect meaningful, accurate answers. However, these advancements in AI and chatbot technology come with their own set of compliance, privacy, and cybersecurity concerns. 

For instance, as these AI platforms become more sophisticated, they may begin to store more personal data and analyze user behavior. This could lead to potential privacy violations and other security risks:

  • AI-powered chatbots are particularly vulnerable to malicious attacks, as hackers may attempt to exploit vulnerabilities in AI platforms in order to gain access to sensitive information, manipulate data, or disrupt operations.
  • Additionally, AI-powered chatbots may be vulnerable to social engineering attacks, wherein hackers may use techniques such as phishing, impersonation, and disinformation to gain access to systems or manipulate people.
  • Furthermore, AI-powered chatbots may be vulnerable to data poisoning attacks, wherein hackers may input malicious data into AI systems in order to corrupt their output.
  • Finally, AI-powered chatbots may be vulnerable to adversarial attacks, wherein hackers may use sophisticated methods to fool the AI system into producing incorrect results.

These attacks can be used to gain access to valuable data, disrupt operations, or even cause physical harm. As such, it is important for businesses to take the necessary steps to protect their AI platforms from potential cyber threats. 

The question and answer exchange feature of a chat-based AI tool allows users to exchange information and collect personal data, making it easier to target specific audiences with tailored content.

AI security issues surface greater challenges in company data management.

Sophisticated chatbots provide an efficient way to generate content quickly, allowing users to quickly respond to customer requests or create high-quality content. As AI systems collect data, threat actors can scavenge for personal data, such as payment information or an email address. Something immediately helpful in customer relationship management soon becomes a data management nightmare.

Aside from the entertainment and educational capabilities of this new AI technology, ChatGPT and its other rival AI platforms have the potential to revolutionize the internet and working atmospheres.

In the technology realm, IT workers can use ChatGPT to enhance their development by asking the tool to quickly write or revise code. Considering the capabilities of AI platforms, it’s no wonder why companies are investing in and implementing AI technology.

However, like many other technological advances in history, AI platforms have potential privacy and cybersecurity risks. Recently, Italy, Spain, and other European countries have raised concerns about the potential privacy violations that could arise from using ChatGPT, an artificial intelligence (AI) platform. As a result, these countries have sought to introduce new regulations to ensure that ChatGPT respects the privacy of its users.

In particular, these regulations would require the platform to limit the collection, use, and disclosure of users’ personal data, as well as to ensure that users are able to access, modify, or delete the personal data they have provided to the platform. The regulations would require ChatGPT to take appropriate steps to ensure that any personal data collected is adequately protected from unauthorized access, use, or disclosure. This includes implementing appropriate technical and organizational measures such as encryption, pseudonymization, and secure storage systems. 

ChatGPT would also be required to provide users with clear and detailed information about how their personal data is being used, such as the purposes for which it is being collected and processed, the categories of data being collected, how long it will be stored, and who it will be shared with. Furthermore, ChatGPT would need to ensure that users are aware of their rights in relation to their personal data, including their right to access and to request rectification or deletion of their data.

Many countries have banned ChatGPT. Under the Biden administration, the United States will roll out a comprehensive national security strategy to address the growing threat of hacking and malicious use of artificial intelligence (AI) platforms. This strategy will involve the coordination of multiple federal departments and agencies, including the Department of Defense, the Department of Homeland Security, the Department of Justice, and the Office of the Director of National Intelligence. It will also require close coordination with international partners and allies, as well as the private sector and civil society organizations to ensure that the strategy is effective and comprehensive in scope.

The strategy will include a focus on protecting critical infrastructure, strengthening deterrence and detection capabilities, improving information sharing and collaboration, and developing new technologies to protect against malicious cyber threats and malicious AI use. The strategy will also involve enhancing international cooperation and engagement to counter malicious cyber activities, as well as increasing public and private investments in cyber security research and development.

The Biden administration will also be seeking to build public-private partnerships to improve the security of both public and private sector networks and systems. AI platforms are increasingly becoming popular due to their innovative and highly capable nature. However, these platforms are not without their risks and need to be assessed by multiple parties.

Cybercriminals are constantly looking for ways to take advantage of these platforms, targeting them in order to steal confidential information, generate malicious software, or gain access to data systems. These types of cyber attacks can have serious implications for the security of the platform and its users, resulting in the loss of valuable data, financial information, and sensitive personal information. Therefore, it is essential that organizations take the necessary steps to protect their AI platforms against these types of malicious attacks. This includes implementing robust security measures and regularly monitoring the platform for any suspicious activities. Additionally, it is important to stay up to date with the latest cybersecurity trends and technologies in order to ensure that the AI platform remains secure and protected.

Although OpenAI has programmed ChatGPT with the appropriate rules to prevent abuse, hackers have already figured out how to “jailbreak” the platform. In as little as a minute, hackers can generate malicious code for criminal intent. Prior to utilizing ChatGPT, their efforts may have taken days or even weeks.

AI-generated malware and cybersecurity attacks have already occurred. For example, hackers recently used ChatGPT to generate apps that successfully hijacked Facebook users’ accounts.

Preventing cybersecurity attacks and data breaches are of utmost importance for companies that desire to protect their sensitive data and minimize their costs, and now that hackers are using AI platforms to further their criminal activities, it is imperative, now more than ever, for companies to seek the best security solutions.

EstesGroup offers EstesCloud services to protect companies’ private data and systems from cybercriminals who may use new AI platforms for malicious intent. EstesCloud protects companies in a changing society in which AI technology is accelerating and enhancing hackers’ criminal activities. ChatGPT security is included in the private cloud and hybrid cloud infrastructures that we create for our clients.

ChatGPT security isn’t an issue when your powerful, highly capable AI and ERP tools are protected in a reputable data center. EstesGroup is ready to protect companies from hackers who use ChatGPT and other AI platforms to attempt to breach their data systems. The new AI technology will inevitably advance in the future, and as companies embrace and implement AI platforms, security solutions, like EstesCloud, will be necessary to safeguard private data and protect data systems.

EstesGroup realizes that innovation requires responsibility and security solutions, and the Estes’ team of highly skilled and dedicated professionals are ready to assist companies that seek the best cloud protection. Only time will tell how AI platforms will transform company atmospheres, but companies can rest assured that EstesGroup is ready for an artificially intelligent future.

How to Prepare Your Supply Chain for 2023

How to Prepare Your Supply Chain for 2023

Over the last few years, I’ve seen companies perform every possible inventory management tactic to mitigate the supply chain challenges that afflicted the nation as a function of the pandemic. Some strategies proved to be detrimental, with manufacturing and distribution companies burdened at times with massive quantities of low-turn product. 

That is to say, if you are a distributor recovering from stressors due to the pandemic, optimally managing your Prophet 21 inventory levels is of utmost importance as you head into the new challenges of 2023. COVID-19 and other recent global events are testing the resilience and flexibility of supply chains. 

Supply Chain Challenges International freight or shipping service for online shopping or ecommerce concept : Paper boxes or carton put in circle around a clear crystal globe with world map on a computer notebook keyboard.
slimstock logo

How Can You Prepare Your Supply Chain for 2023?

Slimstock is one company that can show you how to be ready for the possible supply chain rollercoasters of the new year. Slimstock’s forecasting, planning, and purchasing solution integrates with the P21 application to bring you to the next level of P21 efficiency and P21 optimization.

Slimstock is the market leading AI-powered inventory optimization software. Slimstock helps companies using Epicor Prophet 21 by enabling the delivery of the right stock to the right place at the right time.

Slimstock does this by all-in-one P21 integration of Inventory Forecasting, Demand Planning and Purchase Optimization, with machine learning capabilities.

Over the last 25 years, Slimstock has helped thousands of companies to boost profitability and unlock working capital by improving availability, increasing efficiency, and eliminating waste with guarantee on ROI within a year. 

Since their inception in 1993, they have worked in collaboration with business leaders, domain experts and academics and the P21 user community to develop their award-winning inventory optimization platform, Slim4.

Join Jeff Steinecker, Dennis Weir, and Ryan Shanks, on November 30th at 4:00 (Eastern), as they work to help Prophet 21 companies in supercharging their P21 supply chain strategies and practices.

Slimstock Supply Chain Prophet 21

Meet Slimstock at ESTES INTEGRATE 2022

Jeff Steinecker  (Strategic Accounts Executive at Slimstock): Jeff has an extensive experience in helping customers realize gains in productivity, efficiency, and fun. He is a knowledge expert in supply chain and can align, lead, and grow supply chains with assured returns.

Dennis Weir (Business Development Executive at Slimstock): With a strong background in supply chain, Dennis is your Knowledge Partner for Demand Planning and Inventory Optimization. He is excited to represent Slimstock and answer any questions you may have.

Ryan Shanks (Pre-Sales Demonstrations & Solution Architect at Slimstock): Ryan has a background in Supply Chain, primarily focusing on Logistics, Distribution, and Sourcing.  He enjoys sharing knowledge with others and thus is delighted to be a part of the webinar.

ERP Integration Software Event
ERP Culture & Digital Transformation

ERP Culture & Digital Transformation

Who says you have no culture?

Eric Kimberling and the team at Third Stage Consulting serve as thought leaders in the digital transformation community, helping customers through software selection, change management, system implementation, and the integration of technology and business. Their “Transformation Ground Control” podcast series engages the larger business and technology communities to address various topics related to business strategy and digital transformation. Recently, I was able to sit down with Eric and discuss a topic that had become quite important to me in the field of ERP implementation — ERP culture.

ERP Culture Businessman using a computer to document management for ERP. Enterprise resource planning concept.

What is ERP culture?

In our discussion, I defined “ERP Culture” as the set of attributes or characteristics of the company’s overall business culture that support or inhibit the successful implementation of an ERP system. Over the course of an hour, we covered several of these attributes and how they apply to a given implementation.

This topic formed organically enough — I had recently worked with two companies that had gone live on an ERP system within a similar timeframe. The two companies had a number of striking similarities:

  • The two companies were of similar size.
  • Both companies were privately-owned, family businesses, headquartered in the same state.
  • The firms both worked in roughly-analogous market environments, providing products of comparable complexity.
  • Both companies were coming from antiquated, 40-year-old business systems.
  • They were implementing the same ERP system and using the same system integrator.
  • The companies had similar project budgets and similar core team contributions.

The two companies had so many similarities, and yet one implementation was a ringing success and the other was a frustrating mess. In trying to perform forensics to understand just why one implementation was successful and the other a failure, I began to wonder whether the differences between the two projects were due to the significant differences in the cultural makeup of the two companies. 

Having once worked in the area of Lean Six Sigma, the idea of “Lean Culture” had been well documented — the notion that a successful implementation of Lean methodologies was highly contingent on the culture of the organization. I tend to think that the same applies to the ERP community: that the success of an ERP implementation rests heavily on the cultural foundation of the implementing organization. That said, what are the elements that comprise the company’s cultural foundation?

ERP Culture & Digital Transformation

Clarity of Focus

Successful companies are constantly separating wheat from chaff — separating key initiatives from tertiary activities. They tend to be good at taking initiatives to their successful conclusion. They are good at avoiding distractions. In the words of Jack Welsh, they “pick a direction and implement like hell.” And when and ERP project occurs, they becomes the primary focus of the organization, and other initiatives get put on hold. Unsuccessful companies tend to be distracted by shiny objects and this distractibility infects their implementation projects.

Attention to Detail

Successful companies are process-oriented — they understand the importance of specific activities and are not prone to “skipping steps.” At times they are methodical to a fault. This is especially the case when you compare them to “cowboy companies” — companies that play it “fast and loose” in their daily business lives. In the execution of an ERP system, these tendencies quickly become evident, especially when implementing ERP functionality such as labor time entry and inventory management. Successful companies take great pride in the cleanliness of the data involved in these processes. Less successful companies tend to let their data devolve into chaos. And you can never successfully implement ERP from a foundation of chaotic data. 

Preparation

Initiatives such as an ERP implementation are not unfamiliar to successful companies, as such companies tend to plan out initiatives before they do them. They understand the value of a plan and its execution. Unsuccessful companies operate like a headless chicken — lots of activity, but very little direction. The value of such a tendency is self-evident: companies that don’t plan to get to a certain point rarely get there. 

Empowerment

The term “empowerment” generally elicits eye rolls in the manufacturing community, as it sounds like something you’d hear in a mandatory diversity training seminar. If I were to give the term a more rigorous operational definition, I would describe it as the tendency to clearly define individuals’ areas of responsibility, making them accountable for clear outcomes in those areas, and providing them the resources and autonomy to achieve those outcomes. Unsuccessful companies tend to have a domineering management style, where a few “alpha dogs” fight over decisions, while the rest of the organization resembles an army of chronically depressed lemmings. A fundamental tenant of implementing Lean is the ability for teams to define the processes in their areas of responsibility. Such is the same in an ERP system, where configuration decisions can greatly impact process performance. Such a monumental task requires a team of individuals that have the responsibility, accountability, and support to see it though. 

Proactivity

By nature, successful companies are proactive — they are perpetually looking to understand how the chess game plays out. The tendency to look ahead imbues the sometimes tedious steps of an ERP project with a degree of value that is easy to neglect. Such companies tend to be quick to solicit and receive feedback. Proactive cultures also tend to be quick to have honest conversations of the state of a project, when things are not going as planned. Such candor is not a mere complaining — it is the willingness to be accountable for uncomfortable circumstances. The opposite of these tendencies is passivity. In a passive organization, individuals might have trepidation or concerns about a given issue, but lack the proactive tendencies to get ahead of these concerns and bring them to the surface

Sense of Ownership

Ownership is the flipside of empowerment. Highly-empowered employees tend to develop a strong sense of ownership. They are not looking to have things done for them — they’re looking to understand the intended outcomes of a given task and take ownership of them. These are the best kinds of team members to have on an ERP project, as they are self-motivated and are constantly looking to move the ball forward. It’s a question of push vs pull:  I’ve had project managers on projects where the team had a lack of ownership, describe the initiative as “pulling teeth” — they were perpetually having to drag the team along. This is generally an indication of ownership issues. 

Cross-Functionality

Companies vary considerably in the degree to which they encourage their employees to understand the overall company processes, outside of their individual silos. Successful companies tend to have a greater degree of cross-functionality then their unsuccessful counterparts. They recognize the value of understanding an organization from front to back.  As a result, their team members are not content to just understand their own small areas of the map — they want to know the whole thing. One of the great outcomes of an ERP project is the level of cross-functionality that it affords.

Cultural Tendencies & ERP Success

An early mentor of mine once told me that an implementation is equal parts technical and cultural, and if you neglect the cultural, you’ll never achieve the technical endpoint that you desire. My life in ERP has proven this maxim time and again. ERP projects are never easy. But if a company lacks some basic cultural tendencies to support a successful implementation, they will find themselves struggling to achieve their lofty goals.

Don’t Avenge a Cyber Attack – Prevent It

Don’t Avenge a Cyber Attack – Prevent It

One cyber world story that captivated me as a youth was the character of “Ultron,” as depicted in comic books and in the movie adaptation of The Avengers. The character was a breed of artificial intelligence created with the intent of protecting the earth. But he turned against his creators, and against the earth itself, becoming a cyber super villain in the process. Origin story complete. Now queue the good guys.

Cyber Attack Encrypted Files Ransomware Attack

Such is the nexus of superhero narratives. A good intention turns violently wrong, necessitating radical intervention. Movies and comic books love to prey on fears of killer robots and cyber intelligence. It’s an archetype as old as the myth of Daedalus and Icarus: technology going too far and humanity in its arrogance flying too close to the sun, then landing on those old Led Zeppelin t-shirts instead.

Companies encounter similar, albeit less explosive, narratives when deploying cybersecurity solutions, in an attempt to lock down their networks. Often such solutions are deployed in the absence of a comprehensive infrastructure threat review. As such, they fail to provide comprehensive cyber protection.

This amounts to a technical placebo. The cybersecurity plan once implemented gives the impression of the cure without any real medicine provided. And while the attempt to paint over one’s data security problems is not itself an act of malice, it can nevertheless have deleterious effects to the organization in question. 

My own experience in the business world tells me that user oblivion is as dangerous as malice when it comes to cyber vulnerability. A corporate network with rudimentary cybersecurity and normal online hacking attempts, such as phishing scams or malvertising, can be more problematic than a secured network under a heavy cyber attack, such as ransomware.

A Cyber Attack from an ERP Perspective

While the tale of Ultron and the Avengers had itself a happy ending, the story of many businesses is not so optimistic. I once worked for a manufacturing organization that was on the cusp of an ERP (Enterprise Resource Planning) cutover. Painstaking work had been done to ensure that all steps were accomplished and that everyone was ready for a successful go-live.

Training, communication, data conversion—all of the pieces were in place. Cutover weekend went without a hitch; the steps in the go-live plan were executed without issue. The first day live went off without major problems. The normal hiccups associated with a new system surfaced, but nothing unexpected came the way of the ERP implementation team.

On the second day after the ERP go-live, users quite suddenly lost access to shared network drives. Soon after, they began receiving errors when trying to save ERP transactions to the database. Then they abruptly lost access to the application entirely. Amongst all of the communication, they hadn’t even realized yet that their email server had gone down and that they were therefore no longer sending nor receiving communication. Their network had been completely compromised. Chaos ensued.

When people think of the most common reasons for an ERP failure, they normally speak of over-customization, or a lack of management support. They rarely think of ransomware. But for the company in question, getting ransomed over cutover weekend was the first step to a cascading number of failures. In a panic, the company reached for paper-based manual processes while communicating to customers and suppliers over hotspot connections, using the employees’ own private email accounts. It was a cyber mess on all ends and resulted in late shipments, efficiency issues, unhappy customers, and months of work to resolve. Time and talents could have been spent on things other than cyber attack recovery—if only the company had been prepared through preventive measures.

Companies Running ERP Systems Can Avoid Ransomware

The moral of this story is less than heroic: there are no super powers that can save a network that is unprepared, or insufficiently prepared, for an attack. And there are no super heroes to jump in and avenge the wrongdoing.  

Avoiding a cyber attack entirely is always preferable to avenging it after it’s happened. Many companies believe they’ve taken the steps necessary to mitigate a cyber attack. Enterprise risk management needs to be an ongoing activity, however, with business owners and executives involved in designing, understanding, and implementing a cybersecurity plan customized to the vulnerabilities of the industry under attack—because every industry is ALWAYS under attack. 

A company’s greatest vulnerabilities are often the ones that they never realized they had. The greatest risks are the ones they believe they’ve already mitigated. The company in this tale of ERP implementation security chaos thought they had done everything internally to secure their network. But their efforts were done in a vacuum, without any impartial opinions or outside analysis. They weren’t out to create a monster, but their vulnerabilities created a monstrous problem. They didn’t feel they were walking on enemy ground because the villians were hidden and undetected by current cybersecurity measures.

The lesson to be learned here is that malice often masquerades as magnanimity. The most significant threats to an organization are often clothed in good intentions.

Is Your Business at Risk of a Cyber Attack?

Could cybersecurity be the biggest problem you didn’t know you had? I’ll spoil the plot—cyber vulnerability, particularly the risk of a ransomware attack, is the biggest problem currently lurking within most businesses. Manufacturers are at risk of complete shutdown. Distributors face supply chain attacks on a daily basis. And there is no type of business that isn’t under attack. Law offices, financial institutions, hotels, medical facilities—all are under the threat of a cyber attack.

Are you feeling the cyber risk and wondering what you can do to protect your business? Don’t avenge your problems—prevent them before they’ve occurred. Get a security assessment, identify your vulnerabilities, and assemble your future. Know the problems you had yesterday and predict the ones you might face in the future of cybercrime.

Cyber Security