The Humble Software Patch Is a Mighty Security Tool
Updating and patching your company’s software is like eating right and exercise. We know we should, but a lot of us don’t–and the results can be hazardous to your business’ health. If you need some motivation to start a software patch and update program, consider this: Researchers who analyzed more than 200 million software-vulnerability exploitation incidents worldwide found that virtually all of them—99.9%–involved problems that should have been patched more than a year before the attack. That means those companies had gone more than a year without fixing known problems even though patches are free.
For enterprises with IT teams, the patch situation should be well in hand already, because diligent software maintenance is now required by the federal Sarbanes-Oxley Act. But smaller businesses may not have an IT staff, which may be one reason they are increasingly targeted by data thieves and hackers looking for easy wins. If you’re operating with a small staff, here’s what you need to do.
Know your software
Maintain a list of every program your business uses, including operating systems, applications, and security tools. All of these should be updated regularly, with patches installed as soon as they are announced. This should include employee owned devices if your company allows BYOD (bring your own device), to prevent infiltration into your network from devices you don’t directly manage.
Decide whether and how to automate your updates
Many programs can update automatically if the user allows it. This is the easiest and most-often recommended option, because the updates and patches are installed on their own. Be sure to schedule automatic updates for non-critical time of day to avoid work slowdowns and restarts during busy hours. If your software is overdue for updates they’ll take longer at first, so plan accordingly.
Another option is to have the software notify you when updates are available. The problem with that is that when we’re busy, there’s never a good time to interrupt the workflow. You’ll need to balance efficiency with reminders to ensure that updates and patches get installed. And anything described as a “critical update” should be installed right away. Critical updates are fixes to high-profile security flaws. That means the bad guys are aware of the problem and ready to exploit it.
Train your team
Decide who’s responsible for managing updates on your in-house equipment. If you have people working from home, the road, or the coffee shop down the block, remind them to keep their mobile device and laptop software and apps up to date. You can and should require that company-issued devices follow a regular update plan. Employees who bring their own devices should keep those updated in order to use them for work.
Use tools to manage patches and updates
If managing updates is too time-consuming, there are options to save time and keep you secure. You can outsource your patching to an IT management company. You can also move some of your software to the cloud, which transfers the responsibility for maintaining it from you to the software provider. Another inexpensive option is a patch management product. Security software publishers such as Kaspersky, Avast, and Symantec offer these tools to screen and update your software on a regular schedule.
Patching software isn’t flashy but it’s inexpensive and it works. Create a patch and update plan for stronger security now and a healthier business in the long run. To find out how Forte can help your business with secure payment solutions including point-to-point encryption and tokenization, give us a call at 1.866.290.5400 or send an email to firstname.lastname@example.org.