Network Security Basic Training Series: Patching
In this series of articles, we will explore some of the basic ways that business of all sizes can keep their computer systems safer.
While it is impossible to say that a system can never be breached, if you are not doing some of the basics to help protect your system and your data, then you are more likely to experience a breach. In this first article, we will discuss system and application patching.
How can patching help your business’ security?
If you are not keeping up with regular patching of your computer and the programs that run on it – then you are simply asking for trouble. Many of the breaches that make the news (and I am sure many more that don’t make headlines) are caused by holes in software for which a patch existed by the vendor.
If you buy a new PC from the local computer retailer, chances are you have had to update it with a lot of patches soon after taking it out of the box. These updates come out typically on a monthly basis, and they should be allowed to download to your system and be applied.
In larger companies where there are hundred or thousand s of computers to update, there will most likely be a commercial patching solution used that can download the update files once and then apply them to all the systems that need them on a rolling basis.
What you want to avoid is the delay of these patches from getting applied.
Sure, there are times where the patches want to update your system and then reboot, and the time the patches choose to be applied may not be the perfect time for you to stop what you are doing.
It is ok to postpone the application of patches until later in your day or when you shutdown the computer, but you should never delay more than needed and I would say it is never advised to go more than 48 hours after the patches are available to get them applied.
What is being referred to above is mostly the operating systems patches, but what about 3rd party programs such as Adobe, Java, Flash, etc.?
These too need to be updated often, and even though it may be annoying to see the pop-up on your screen notifying you of available patches, you should always take the time to apply the latest updates to keep your system protected.
Even if you don’t use a particular program but it is installed on your computer, you should keep that up to date as well so it cannot be exploited.
There are even free utilities such as Update Checker from FileHippo that can run as a separate program and check your computer to see what available updates exist for you. “The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases. These are then neatly displayed in your browser for you to download.”
The Update Checker works on any PC running Windows 8, 7, Vista, XP, 2012, 2008, 2003, 2000, ME or 98. I have found this utility particularly useful for keeping programs up to date that I didn’t even know had updates available for – including Skype, Google Earth, and more.
If you leave your systems unpatched, then hackers or software exploits may use holes in older versions of software to find a way to get into your computer and/or steal your data. Hackers could also use these software weaknesses in unpatched software to gain information about you and your web activities in order to scam you later via email or phone.
Probably the worst example of what hackers can do nowadays once they are able to get into a computer is the rise of ransomware, where the contents of your hard drive are locked until you pay a ransom to the hackers.
Keep in mind that a compromised system may hurt not only that one system, but others as well. If you use your computer on a network that includes other computers, your issue could affect them as well.
If you use a laptop at home and it gets compromised, then you bring the laptop to work, that issue could follow you to your workplace and affect the other computers on the corporate network as well.
In summary, it is best practice to keep your system up to date at all times. Be sure to turn on any automatic updates that are available to your operating system and any 3rd party applications.
If you need to use a utility to scan your computer for 3rd party applications that may need updates, be sure to file on like the Update Checker noted above and use it regularly.
In future articles we will discuss more topics that can help you keep your system and your data safer.
We’ve expanded our MDR capabilities with enhanced incident response and security services to better protect against evolving cyber threats.