Our management team is concerned about the potential of data leaks from our legacy in-house ERP application. How should I go about validating its security and offering up best practices to prevent data leakage?