two men working with a tablet

The definitive guide to patching

We would like to think that once we’ve installed a piece of software that there are no other tasks necessary. However, if you’re not looking past its current usage and only planning on thinking about when it’s time to upgrade, you could be putting your entire infrastructure at risk.

When it comes to issues of security, we hate to sound like doomsayers, but the risks of cyber attack are all but guaranteed with new threats arising on a near-daily basis. Your systems and software are vulnerable to exploitation from any number of sources. Whether it’s from bad actors finding more clever ways to probe and infiltrate your system because of security gaps in your software, the threat is real.

That being said, there is more to software maintenance beyond the initial installation. You have to keep up to date with software patches that companies release. Designed to plug the security holes and bolstering your defenses against more sophisticated attacks, they are essential to maintaining your security.

Setting up the optimal patch installation process

To make the whole patching process easier, first examine your entire IT setup and see what vulnerabilities may already exist. You might be able to make things more efficient when it comes time to install a patch.

Inventory the operating systems and versions in use at your business in addition to IP addresses, locations, users, and functions. From here, try to standardize your setup so you’re running identical versions of both system and application software. The fewer number of versions running, the fewer patch installations you should have to worry about.

Additionally, take a look at what security protocols you already have in place including routers and firewalls and their configurations. This will help you determine how critical a software vulnerability alert may be.

Calculate the vulnerability and likelihood of a cyber attack, then prioritize the risks. Even though you might have a firewall that protects you from one vulnerability, you may have other, less secure servers. While not every known threat may apply to you right now, they should still be addressed at some point in the near future.

Laptop with security shield graphic concept

Keeping current on security alerts

No matter the size of your business, you should have a dedicated person or team already keeping track of security warnings and patch release announcements. If you have a contracted IT management team, you should find out if this is part of your coverage.

Some software notifies you when a security patch becomes available and provides specific instructions. Other companies will email your software registration contact. Some will rely solely on industry news outlets to spread the word. In any case, you need to have someone who can keep on top of cyber threats and security developments.

Whoever is in charge of keeping track of security alerts should also be able to determine the best time to install the patches while minimizing business downtime.

Applying the patch–manually or automatically?

Depending on the size of your network or the amount of software that needs to be updated, patch installation could be either manual or automatic. While manual patch installation isn’t an effective use of time for large systems, it might be more cost-effective for smaller IT environments.

When working with an IT infrastructure that’s spread across several servers and locations, you’ll need to look at the variety of commercial tools available for patch maintenance.  The top two commercial patch management tools with the widest range of platform, software, and OS support are Microsoft System Center Configuration Manager (SCCM) and Symantec Patch Management Solution.

Both Microsoft System Center Configuration Manager and Symantec Patch Management Solution support:

  • All modern Windows computers
  • MacOS
  • Most varieties of Linux and Unix
  • Many iOS and Windows-based mobile devices

If you go this route, you’ll need to purchase a software management product that supports both your current and future platforms and needs.

Person with a mobile device on hand

What about mobile devices?

While mobile devices are vulnerable to cyber attack, a lot of security patch management tools for mobile devices are fairly quick and easy to use. In many cases, these patches install automatically. Because mobile apps tend to be small, devices will often reinstall the app in its entirety with no loss of personal data.

Even when the apps don’t automatically update or reinstall, there is usually at least an update notification in your app management utility. Taking care of this is as simple as granting the device permission to download and install the update.  Your app management software will also often give you a history of past updates so you can confirm what has and has not been updated.

In those areas of mobile device management that aren’t so easily covered automatically, Microsoft and Symantec also have patch maintenance tools aimed specifically at mobile platforms.

Getting ahead of security issues means staying ahead in business

There are many ways cybercriminals can attempt to infiltrate your systems including phishing, malware, identity theft, brute-force hacking, and more. It’s a constant chore to keep ahead of the threats, but failure to do so may result in expensive downtime or even catastrophic loss or corruption of data.

When your system goes down, you’re productivity grinds to a halt and you not only suffer a loss in profit but a loss in your reputation. You owe it to yourself and your customers to keep on top of good security. Your software and system creators are doing their part to close holes where they find them but at the end of the day, it’s up to you to act upon security notifications and the solutions they supply.