Halloween is right around the corner, and we’ve got ghosts, goblins, and pumpkin patches on the mind. We’ve also reached part 3 of 3 in our National Cybersecurity Awareness Month (NCSAM) theme series, digging into “Protect IT,” the final piece of the theme “Own IT. Secure IT. Protect IT.”
One of the National Cyber Security Alliance’s focal topics is a very familiar one for providers: “If You Connect, You Must Protect,” which means updating to the latest security software, web browser, and operating systems. Patching doesn’t have to be spooky—read on!
Patches Aren’t Just for Pumpkins
It’s no secret that updates and patches are essential for security—they frequently fix known vulnerabilities in software, servers, and firewalls. Patches don’t always make it to customers right away, often because updates are an inconvenience that can mean downtime for your customers.
Frequent patching, however, is critically important to help avoid much larger inconveniences such as malware, ransomware, or data compromise. The very fact that a patch for a security flaw has been released can mean trouble for out-of-date products: once vulnerabilities are publicized, it’s easy for cyberattackers to locate and target unpatched systems. Now that’s a little scary.
Navigating the (Pumpkin) Patch
Nobody likes interruption, but avoiding software updates can lead to bigger problems down the road. In some cases, you may need to “eat the frog”—plan on regular updates and know that occasional downtime might be associated with this important security step.
Many providers set a patch schedule (e.g., monthly or bi-weekly), but part of leading the market in security is responding to threats immediately. Whenever you receive relevant threat alerts or patch announcements, don’t delay—update as soon as possible for optimum security.
Additionally, there are plenty of patching tools that are non-intrusive and cost-effective:
Windows Server Update Services
Remote Monitoring and Management
Third-party patch management providers
Mobile Device Management (for phones and other mobile devices)
Whichever tool(s) you choose, don’t forget to audit the results to make sure patches were successful.
Patch Everyone In
If you have a system in place to manage updates, employees won’t need to do much other than leave devices available during patch windows. However, a few steps can help manage clients’ expectations and make the process as smooth as possible:
Keep a regular patch schedule, but communicate that some vulnerabilities will inevitably need an immediate patch.
Share relevant threat alerts and announcements with customers to help them understand the critical nature of updates.
Try to provide some notice if you anticipate downtime during an update.
Highlight the “why” with a message such as “Updates fix vulnerabilities in the programs we use, and proactively updating is an important part of security. We appreciate your patience during this brief outage.”
Include the update philosophy and any set patch windows in the employee onboarding process and the Technology and Data Use Policy.
Regular patching is a necessary step and a proactive way to help keep your customers secure. Don’t fall for the oldest trick in the book; treat patches with priority and your customers won’t be left in, or afraid of, the dark.
Your Friends @ Defendify