Security Vulnerabilities: How to Avoid Patching Perils With all of the buzz about data breaches and hackers infiltrating systems, we can become desensitized to the amount of information and recommendations being thrown at us, especially if our budgets don’t allow for the latest “high tech” tools to protect our systems and data. If you happen to fall into this category, you have a few options. One is training employees to watch for social engineering attempts and to be vigilant to scrutinize requests for information to prevent phishing attempts from being successful. Another option, that is frequently overlooked or not managed consistently, is patching. Recently, the Intel security vulnerabilities, now known as Meltdown and Spectre, have been making headlines. These flaws are found in most of Intel’s microprocessors (or chips) in computers and mobile devices, and enables hackers to access sensitive data from computers when they open and use certain programs. If you have a device that uses chips from Intel, AMD, or ARM, there are vulnerabilities. To prevent hackers from attacking your affected devices, it’s best to install the appropriate patches as they become available. Here’s why. The Importance of Patching In the past, Europe has had its struggles with routers being used to take down internet and voice. Another well-known U.S. voice service provider had their routers used by hackers to access networks by bypassing firewalls intended to protect systems. The well-known Equifax breach that impacted millions of customers in 2017 could’ve easily been prevented. In all cases, the patching was not up to date and the vulnerability was easily used to bring down networks or compromise systems. We all know the issues software platform providers have as they struggle to keep patching current against the latest malware. For companies that have hundreds, or even thousands, of end points, patching is an obvious challenge. However, it’s also burdensome for smaller companies. Regardless of your size, it’s imperative to find ways to consistently patch routers, switches, operating systems, software, and servers with the most current releases to preserve the integrity of the network and prevent hostile network takeovers. A Simple Solution So, here is a simple solution: Make it a priority to apply the latest recommended patches to your products as soon as possible after they are released to the public. Apply them in a test environment first and have a roll back plan if the patch causes major issues with your customized configurations. Work with your vendors to make sure their equipment on your premises is up to date, as well. Make sure your business partners are doing the same. Lastly, you could consider patch management as a service to remove the internal burden of managing and applying patches and updates. Closing this vulnerability is a simple way to reduce your network and data risk exposure. Learn more about Aureon’s managed IT services. What is your plan for patch management? Vicky McKim Vicky McKim is 1 of 125 professionals internationally to hold her level of certification. She is a Certified Risk Management Professional, holds a Master Business Continuity Professional Certification and is an Associate Fellow of the Business Continuity Institute. Vicky has 30 years of experience in the field of risk management, business continuity, and disaster recovery, including BCM Program Director for two global organizations. Vicky has spoken and taught at national, regional, and local conferences for more than 15 years. Her experience provides her audience with a proven perspective on how to improve risk controls and continuity for their business operations, along with many practical examples of what the next steps may look like. Vicky's stories and practical guidance empower those listening to take action to create more resilient environments for their workplace.