Patch Management: Are you putting your business at risk?!
15th November 2016
42% of all security vulnerabilities could have been mitigated by simply applying security updates, or migrating away from unsupported software*
Adobe, Ashley Madison, Carphone Warehouse, Experian, Sony, eBay, JP Morgan…
You may have heard of some of those businesses? They all have one thing in common. Over the last few years, each has been a victim of a massive IT security breach.
Those businesses are huge global corporations, and each security breach has been equally massive. It’s true that these corporate giants make the front page of the daily tabloids whenever there’s a problem. Don’t let that fool you into thinking only large businesses ever get hacked!
Smaller businesses are just as at risk – perhaps even more so. Small business owners face the same everyday challenges as these huge corporations, but they have fewer technical and financial resources available.
*Source: EdgeScan 2015
Why’s patching so important for my business?
Year on year, the number of discovered security vulnerabilities is increasing at an alarming rate. Not just in our operating systems (such as Windows, Mac OSX and Linux), but in everyday applications. For example, in 2015, there were 314 exploits found in the popular web plugin Adobe Flash (up from 76 in 2014), and a further 100 in Apple’s iTunes software (up from 13 in 2014).
Unpatched security vulnerabilities can let cyber criminals access your business’s IT systems. In fact, it might even take more than 8 months before a business even realises it’s been hacked!
This often leads to a breach of confidential data, a loss of client confidence and the lasting impact of financial fraud.
With our ever-increasing reliance on IT to make our businesses successful, it’s more important than ever to install security patches – and quickly. Worryingly, recent trends seem to suggest that cyber criminals are becoming quicker and quicker at reverse engineering disclosed vulnerabilities. Cyber criminals may be able to exploit a vulnerability before a patch has even been made available (also known as a ‘Day Zero’ or zero-day vulnerability).
What can I do to secure my business?
We believe businesses should use a layered approach to IT security. Each layer provides a level of protection against cyber criminals.
- Patch Management: In today’s world, perhaps the most important task of all is to keep your operating system and applications up-to-date. One of the simplest and most stress-free ways of ensuring your computers are patched is to invest in a third-party patch management tool such as MyPC Buddy.
- Virus Detection: Make sure you use a reputable antivirus vendor such as ESET and a decent anti-malware product such as Malwarebytes.
- Make sure you are using a supported operating system: Windows XP & Server 2003 haven’t been patched since April 2014, leaving businesses still using them wide open to attack! Only use supported operating systems, and consider upgrading to Windows 10 & Server 2016 for additional security enhancements.
- Filter your email: Weed out malicious email before it even enters your network, using tools such as SolarWinds Max Mail and Microsoft Office 365.
- Become the Internet Police: Use OpenDNS, or Meraki routers to control & filter out malicious web traffic, and choose what type of sites are appropriate for your business.
- Supercharge your firewall: Using the router supplied by your ISP?! STOP! ISP supplied routers often have unpatched vulnerabilities. Replace your bog-standard router with a cloud managed, supercharged firewall from Cisco Meraki!
- Make it complex: Beef up your password security using LastPass or RoboForm.
- Backup: Make sure you keep a cold / offsite backup. In the event of infection (or hardware failure), this could be the only way to recover your data.
- Staff awareness & training: Follow us on Facebook, Twitter & LinkedIn for the latest news and advice, and download our security infographic and put it on your notice board.