Protect IT: Are Patches Haunting You? 

Halloween is right around the corner, and we’ve got ghosts, goblins, and pumpkin patches on the mind. We’ve also reached part 3 of 3 in our National Cybersecurity Awareness Month (NCSAM) theme series, digging into “Protect IT,” the final piece of the theme “Own IT. Secure IT. Protect IT.”

One of the National Cyber Security Alliance’s focal topics is a very familiar one for providers: If You Connect, You Must Protect: updating to the latest security software, web browser and operating systems. Patching doesn’t have to be spooky—read on!

Patches Aren’t Just for Pumpkins

It’s no secret that updates and patches are essential for security—they frequently fix known vulnerabilities in software, servers, and firewalls. Patches don’t always make it to customers right away, frequently because they are an inconvenience as updates can mean downtime for your customers.

Frequent patching, however, is critically important to help avoid much larger inconveniences such as malware, ransomware, or data compromise. The very fact that a patch for a security flaw has been released can mean trouble for out-of-date products: once vulnerabilities are publicized, it’s easy for cyberattackers to locate and target unpatched systems. Now that’s a little scary.

Nobody likes interruption, but avoiding software updates can lead to bigger problems down the road. In some cases, you may need to “eat the frog”—plan on regular updates and know that occasional downtime might be associated with this important security step.

Many providers set a patch schedule (i.e. monthly, bi-weekly, etc.), but part of leading the market in security is responding to threats immediately. Whenever you receive relevant threat alerts or patch announcements, don’t put it off—update as soon as possible for optimum security.

Additionally, there are plenty of patching tools that are non-intrusive and cost-effective:

  • Windows Server Update Services
  • Remote Monitoring and Management
  • Third-party patch management providers
  • Mobile Device Management (for phones and other mobile devices)

Whichever tool(s) you choose, don’t forget to audit the results to make sure patches were successful.

Patch Everyone In

If you have a system in place to manage updates, employees won’t need to do much other than leave devices available during patch windows. However, a few steps can help manage clients’ expectations and make the process as smooth as possible:

  • Keep a regular patch schedule, but communicate that some vulnerabilities will inevitably need an immediate patch.
  • Share relevant threat alerts and announcements with customers to help them understand the critical nature of updates.
  • Try to provide some notice if you anticipate downtime during an update.
  • Highlight the “why” with a message such as “Updates fix vulnerabilities in the programs we use, and proactively updating is an important part of security. We appreciate your patience during this brief outage.”
  • Include the update philosophy and any set patch windows in employee onboarding process and the Technology and Data Use Policy.

Regular patching is a necessary step and a proactive way to help keep your customers secure. Don’t fall for the oldest trick in the book; treat patches with priority and your customers won’t be left in, or afraid of, the dark.

Stay Safe,

Your Friends @ Defendify

Resources & insights

Why You Could Be Denied Cyberattack Insurance Coverage
Blog
Why You Could Be Denied Cyberattack Insurance Coverage
As you’re working toward achieving robust cybersecurity, the subject of cyber attack insurance coverage and cybersecurity insurance requirements is sure to enter the discussion.
Cost of a Cyberattack vs. Cybersecurity Investment
Blog
Cost of a Cyberattack vs. Cybersecurity Investment 
Detailing the cost of a cyberattack versus the ROI of a cybersecurity investment enables leadership to see cybersecurity solutions are worth it.
Defendify Listed as a High Performer in Six G2 Grid Categories
Blog
Defendify Listed as a High Performer in Six G2 Grid Categories
The Defendify Cybersecurity Platform has been listed as a High Performer in six Summer 2022 Data Security Software Category Reports on the technology review site G2.

Protect and defend with multiple layers of cybersecurity

Defend your business with All-In-One Cybersecurity®.

Explore layered
security

Learn more about Defendify’s three key layers and All-In-One Cybersecurity®.

How can we help?

Schedule time to talk to a cybersecurity expert to discuss your needs.

See how it works

See how Defendify’s platform, modules, and expertise work to improve security posture.

Take the first step toward comprehensive cybersecurity with a free Defendify Essentials package

Gain access to 3 award-winning cybersecurity modules. Nothing to install. Nothing to pay for.