Saw this in my inbox recently: ERP Applications Under Fire Report | Onapsis
I’m not associated with this company nor do we do business with them but I thought to myself, "This is the 
that keeps @Bart_Elia up at night. Well, that and people making direct updates to their database. 
This paper is about SAP and Oracle but the points apply to Epicor as well. ERP holds a lot of information about a company and we need to be vigilant custodians these days.
Food for thought,
Mark W.
Yep. We have a pretty good security team looking at things in core product and with hosted solutions that find things all the time. I say pretty good because there is no thing as expert in this area, just more than the next guy. It’s an active area where the bad guys are always trying to get ahead of the good guys so no one should get comfortable.
It’s also another reason we are striving to make upgrades easier - we are always hardening services as we find issues so want you on newer versions. It’s a scary world and why I dread monitoring Troy Hunt and folks like him.