patch management


NCSAM: Are You 100% Sure Your Systems Are Fully Patched?


The Equifax Data Breach exposed 145.5 million people’s sensitive data – social security numbers, birth dates, street addresses and some drivers licenses – and was one of the worst breaches in history. The breach could have been avoided had Equifax applied a known web-application patch that was released two months prior. The attack is believed to have begun in mid-May of 2017 and was not discovered until July 29th, allowing the hackers a month and a half to steal consumer information.

Also in May of 2017, the WannaCry ransomware cryptoworm made headlines across the world as it infected more than 200,000 computers throughout 150 countries, causing damages from the hundreds of millions to billions of dollars. It targeted PCs that were running older versions of Windows and exploited vulnerabilities in systems that didn’t have the latest software updates. WannaCry affected many organizations – large and small – as well as individual home users.

Patching and updating your IT software and hardware is critical. Failure to do so will leave your organization vulnerable to viruses and ransomware. Many SMBs (small and medium businesses) think that hackers only go after large corporations since those stories typically make the news headlines. But actually, small business are targeted more than half the time (58%) and a single breach can cost an average of $690,000. Cyber criminals realize that smaller companies oftentimes do not have the resources needed to protect them from breaches.

Keep Software and Applications Updated
It’s easy to ignore those pesky popups that say “a software update is available” and think ‘I’ll just finish what I’m working on and install the update later’, but the truth is most people won’t. Software updates, however, often include critical patches to security holes that hackers use to infect your systems and steal valuable data. By ignoring those messages, you are leaving your computer and network open, allowing cybercriminals to cause major damage.

Software updates need to be checked and performed at least once a month for:
• Operating Systems (i.e. Windows, Mac OS)
• Productivity Software (i.e. Microsoft Office)
• Accounting and Customer Management Software (i.e. Quickbooks, Sage, Salesforce)
• Custom Applications (such as legacy software that was custom written for your organization)
• Industry-Specific Software
• Web Browsers (i.e. Explorer, Chrome, Firefox, Safari)
• Plugins (i.e. Adobe Flash, Java, Microsoft Silverlight)
• Website Content Management Systems and Plugins (i.e. WordPress, Joomla, Magneto and Drupal)

Don’t Forget Your Other Hardware!
Not only is it imperative to apply software updates to your PCs, laptops and servers, but also other IT hardware devices, such as switches, firewalls, routers and access points. Once equipment is deemed end-of-life (EOL), the manufacturers no longer support or maintain them, which can lead to security risks. That is why we recommend for companies to budget replacing IT equipment before they reach their end-of-life.

What To Do If You Are Not Sure You’re All Patched Up
There are several patch management softwares that help organizations discover vulnerabilities and stay on top of updates. If you need further assistance, give us a call! All of our Texas Systems Group BrightStar Managed Service packages include automated patching. Monthly and quarterly audits help find vulnerabilities within your network so they can be addressed before a data breach occurs. Our CyberSecure Team is constantly looking out for the latest threats and solutions to protect our customers. Our vCIO will work with you on budgeting to replace aging equipment which decreases the chance of hackers exploiting unpatched and out-of-date hardware. All of these components together drastically decrease your risk of becoming the next victim of a cyber attack.