Updating and Patching

Always make sure Patching and Updating is taken seriously. If you fail to patch your systems correctly and in a timely manner you run the risk of leaving your systems and infrastructure open to hackers and bad actors. All Patching and Updating should be automatic for the most part. There are some cases where you must make 1000000% for sure that NO updates will reboot a server during business hours. Failing have such exceptions, safeguards, and scheduling procedures in place can lead to system down time which negatively effects Service Level Agreements (SLAs) with clients, customers, and maybe even internal staff. Maintain your System Up Times but but also stay vigilant on Patching Vulnerabilities and Known Exploits. This is where being subscribed to latest zero day vulnerabilities. Nobody saw Log4J coming but being on those email reports of Zero Day Exploits and Vulnerabilities ultimately helps your vision over security. Public Information does have its advantages when planning against certain attacks. Some attacks aren’t as widespread as sometimes made out to be but some exploits really do need to be made known quickly and retroactively patched quickly.

Determine what your regular Update Cycles are such as Windows Updates. These are extremely annoying to be honest but they are necessary for a solid security posture. Don’t become too Paranoid when it comes to Updates and Patches because that is neither Healthy nor Positive for Anyone. Overreacting can cause more unintended consequences than you could ever imagine. So don’t cause unnecessary panic. Investigate reports of new vulnerabilities and exploits before raising concern to other parties. End User Computers should be auto updated and patched weekly if not bi-weekly. Anti-Virus definitions should be auto updated on a daily basis to make sure Zero Day Exploits don’t take down your company. This is not always mitigated by Daily Anti-Virus Updates but its an extra safe guard you can set in place to increase your Security Posture. At the Beginning of the Day and the End of the Day you want to make sure your systems, software, and security protection solutions are up to date. Doing so will increase your defenses against potential hackers and bad actors. Protecting your People and Property are the most important elements Patching and Updating so make sure to keep that focus when you are reaching out to clients and customers for updates and patching. Teamwork indeed makes the dream work so help end users help you and your organization’s security goals. Sometimes this can simply mean providing them instructions on how to update software or windows from the end user workstation. Linux is its own beast all together but always remain ahead of your security gaps to insure you have a strong security posture.

Lastly, Updates and Patches are inconvenient but necessary in the grand mission so don’t cut corners when it comes to security. I keep saying it but it is often too easy to turn off Windows Updates and ignore software updates so you will need to make sure to centrally manage both Updates and Patching.