Patch management isn't sexyIt is VERY Important
Patch management isn’t something most business owners think about. Some will tell you they’ve turned on automatic updates. So, that’s it, you’re good right? Not so fast.
Desktop, Laptops, and their software
Desktops and laptops with automatic updates turned on will receive microsoft updates on “Patch Tuesday”. The day named because Microsoft typically releases patches on a Tuesday of a month. If you have windows 10 you have more options in the name of “rings” or a distrobution track.
What about the other software on your machines? How often are they updated? At the time of this writing, Adobe Reader has no less than 100 vulnerabilities listed. That’s just one popular software program. Add in Office, java, flash, and the other software installed on your systems the time needed to managed these updates starts to add up.
Sometimes, updates fail. Microsoft isn’t great about making sure you realize an update has failed. Busy employees certainly don’t usually notice the little popup displayed.
When they fail, the vulnerability is still present on your system. Why they failed can be a number of reasons, but it is a common occurrence.
Unless you’re running a vulnerability scan on your network against your machines you wouldn’t know this information.
Why is it important?
Viruses and Hackers
Currently Petya ransomware is spreading and one of the channels is windows folder sharing flaw via an email. You may not have windows shares setup, but you’re Windows machine does. It has two that you may not even know about. C$ and Admin$. This is only an example, but petya is about to cost companies close to a Billion dollars.
Many times those updates and patches are created because a flaw in the software. Not installing updates also means you could be susceptible to coding mistakes or conflicts. They can be costly but usually just annoying. However why take the risk when patches and hot fixes are free?
Managing patches and updates on machines doesn’t have to be hard. Our customers enjoy the freedom of knowing we’re watching for failed updates, vulnerabilities, and virus intrusions. For those want to manage this you’ll need to touch every machine and check the update logs for Windows. In addition you will need to check each of the programs installed and see if they are on the latest version. Sounds tedious? That’s because it is. Even with 4-5 machines it can take a few hours out of your day.
If you’re concerned and want to discuss your options with us, contact us here
Servers need updates too
Your business servers, on-site or VPS, also need patches. The Equifax breach was due to web server software that wasn’t updated. The patches were available that would have stopped it. I’m sure the CEO of Equifax and CIO had a very uncomfortable discussion on why they weren’t applied.
Your servers are the life blood of your network. They house your data, perform tasks, and typically run critical software. Most businesses use an on-site Window server and it needs the same patch/upgrade management that your desktops do. Server patch management typically runs on a monthly schedule because those same patches can break crucial software your business needs. They have to be applied carefully and in the event of a problem, uninstalled until Microsoft releases an updated version of that patch.
VPS or CO-LO servers
So you have a VPS server and unless it’s managed, most are not, you are probably responsible for updates and patches. Linux can feel tricky to update and some Linux distributions need a special update command for security updates and hotfixes. Other’s do not. If you’re unsure if your VPS is managed, call your provider and ask.
So if it’s managed, I’m good right? Maybe not. You’re at the mercy of your provider and when they install patches. Only a security assessment of the server will tell you if it’s vulnerable or not. We can help with that assessment. If it is vulnerable or has missing patches/updates, you can ask the provider when they will update the server. You may want to consider moving your VPS service to a new provider.
It’s boring but necessary
Patch management is boring but necessary. If you made it this far in the article, we’re impressed! It also means you have a concern about how this is being managed at your company. We can help by running a vulnerability scan of your entire network, no matter how small or large. We can also help you discuss your options for managing patches and upgrades, contact us here.
Whatever you decide to do, be proactive.
- Ask your employees if they have any warnings on their machines.
- Check your server’s logs to for failed updates.
- Make sure you have Automatic Updates turned on and set to install automatically
- Check the software installed on each machine to ensure it’s current and updated.