Avoid Attackers with these 6 Best Practices for Patch Management

August 13th, 2019

Technology is complex and constantly evolving. New technologies, and updates to old technologies, are released every day. And these updates aren’t just for new features. Very often they contain patches that fill security holes or include fixes for bugs the manufacturer has identified. Even so, when most people receive a notification that they need to update their computer, they tend to put it on the back burner and continue working.

Don’t be your own worst enemy. Implement a patch management policy and ensure your employees follow it.

In general, whenever Microsoft or Apple identifies a bug, security vulnerability, or a feature that can be improved, they begin working on an update. Once an update is released, you will start receiving regular pop-ups asking you to install it and reboot your computer. Unfortunately, most people have a habit of ignoring these reminders and end up waiting forever to patch their computers. This might sound harmless, but I assure you it is VERY serious.

Consistently applying patches is critical. Often a hacker only finds out about a vulnerability AFTER an update is released to resolve it. They then begin crafting an exploit that takes advantage of the vulnerability. So, if your computers are left unpatched, you are making the hacker’s life a lot easier. That’s why a patch policy is so important: it maximizes your security for FREE. The more consistently you apply patches, the safer your business will be.

Here are 6 best practices you can implement to help you build a plan and secure your business:

  1. Inventory Your Systems: Have an inventory of all the software and hardware in your business. This information will help you and your team identify software or hardware vulnerabilities before they become a bigger problem.
  2. Assign Risk Levels: It is beneficial to assign risk levels (critical, normal, low) to your inventory, so that you can easily define which items need to be patched first. For instance, if you have both a server and a printer that require a patch update, their risk levels will tell you which one to update first. This practice is extremely beneficial when you have multiple devices like servers, computers, printers, switches, firewalls, smartphones, and smart TVs that all require regular updates.
  3. Use Similar Software Versions: The more versions of a piece of software you run, the higher your risk of experiencing an attack or breach. If you have several different editions of Adobe and even one employee doesn’t update theirs, that employee could be breached, exposing your entire organization. If you only have 1 or 2 versions of the same software, it’s much easier to track who has updated it and who hasn’t, since the updates are released on a consistent schedule.
  4. Keep Up To Date On Patches: Keeping up with patch announcements gives you a clear picture of which hardware and software need to be patched. It also gives you more visibility, so you can schedule a time for all users to do the update when it won’t affect productivity. Working with a Managed Services Provider ensures you are up to date on new patches and puts the responsibility for patching in their hands, so you don’t have to manage this on a day-to-day basis.
  5. Mitigate Patch Exceptions: Sometimes applying a patch can cause issues with your line-of-business applications. Often, we find that businesses will intentionally delay the installation of the patch so it doesn’t negatively affect operations. If you intend to delay an update, we recommend that you secure your systems as much as you can. The first step you should take is to change the user permissions on the relevant application and the server. The goal here is to reduce the chances and the impact of a security disaster.
  6. Test Patches: Every business is different. That’s why it is important to run the patch on a small sample of your computers. By doing this you can ensure that the patch doesn’t cause any issues before applying it to the rest of your IT environment.
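
An added example, not part of the original post, that applies practices 1, 2, 3, 5 and 6 to an inventory in Python. The hosts, software versions, field names, and the rule that the pilot sample is drawn from the lowest-risk devices of a type are assumptions made for illustration.

```python
from collections import defaultdict
from math import ceil

# Risk levels named in practice 2; a lower number is patched first.
RISK_ORDER = {"critical": 0, "normal": 1, "low": 2}
# Constructed sample inventory (practice 1); hosts and versions are made up.
FIELDS = ("host", "type", "risk", "software", "patch_pending", "deferred")
ROWS = [
    ("srv-files", "server", "critical", {"adobe-reader": "19.0"}, True, False),
    ("srv-erp", "server", "critical", {"adobe-reader": "17.0"}, True, True),
    ("pc-01", "computer", "normal", {"adobe-reader": "19.0"}, True, False),
    ("pc-02", "computer", "normal", {"adobe-reader": "15.0"}, False, False),
    ("pc-03", "computer", "normal", {"adobe-reader": "19.0"}, True, False),
    ("pc-04", "computer", "low", {"adobe-reader": "19.0"}, True, False),
    ("prn-lobby", "printer", "low", {}, True, False),
]
INVENTORY = [dict(zip(FIELDS, row)) for row in ROWS]

def _pending(inventory):
    return [a for a in inventory if a["patch_pending"] and not a["deferred"]]

def patch_order(inventory):
    """Practice 2: hosts awaiting a patch, highest risk level first."""
    ranked = sorted(_pending(inventory), key=lambda a: (RISK_ORDER[a["risk"]], a["host"]))
    return [a["host"] for a in ranked]

def version_sprawl(inventory, max_versions=2):
    """Practice 3: software installed in more than max_versions versions."""
    seen = defaultdict(set)
    for asset in inventory:
        for name, version in asset["software"].items():
            seen[name].add(version)
    return {n: sorted(v) for n, v in seen.items() if len(v) > max_versions}

def patch_exceptions(inventory):
    """Practice 5: delayed patches; these hosts need tightened permissions."""
    return [a["host"] for a in inventory if a["patch_pending"] and a["deferred"]]

def pilot_group(inventory, device_type, fraction=0.25):
    """Practice 6: small test sample, lowest-risk devices first (assumption)."""
    pool = sorted((a for a in _pending(inventory) if a["type"] == device_type),
                  key=lambda a: (-RISK_ORDER[a["risk"]], a["host"]))
    return [a["host"] for a in pool[:ceil(len(pool) * fraction)]]

if __name__ == "__main__":
    print("patch order:", patch_order(INVENTORY))
    print("version sprawl:", version_sprawl(INVENTORY))
    print("exceptions:", patch_exceptions(INVENTORY))
    print("pilot:", pilot_group(INVENTORY, "computer"))
```

Hosts returned by `patch_exceptions` are left out of `patch_order` on purpose, so a delayed patch stays visible as an open item instead of disappearing from the schedule.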

Poor patch management can lead to cyber attacks, data breaches, and theft. Following these 6 best practices can help secure your business before it’s too late! If you need help understanding the security vulnerabilities in your network and how you can plug those holes, call us now at (416) 966-3306. We would be happy to help.