Nov 15, 2017 | Industry insights
The importance of patch management
As a business that’s recently undergone the Government-backed Cyber Essentials Scheme, we’ve been sharing with you all of the criteria that collectively make up the scheme. The last in this series is Patch Management, which is an essential part of cyber security.
For anyone who isn’t familiar with patch management, it’s the term given to the central or internal management of known issues and the fixes or “patches” that are released to address these.
When you invest in a specific piece of software, the manufacturers and developers will continue to evolve this software. As they become aware of vulnerabilities or security issues they will release a patch, generally in the form of software upgrades, to address these issues and in turn keep your device and network secure.
To receive notification of the latest patches you will need to make sure the software and hardware are licensed and supported. It’s worth keeping in mind that, whilst most brands will want to provide their customers with the most recent patches, it’s not a requirement by law, and most do it to protect their brand and provide a better customer experience. In many cases they will provide this as part of the purchase cost for an initial period; however, it is common practice to charge a nominal fee to continue to provide maintenance within an additional support contract after this initial period has expired. Particular attention should be given to any security-related patches that are issued, and these should be installed as soon as they become available from the vendor.
In addition to this, any out-of-date software should be identified and updated or, if no longer required, removed from devices, to maintain IT security.
The Cyber Essentials Scheme is not just one element or criterion; it’s the cumulative effect of five key business security-related issues: boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management. When these are managed correctly, either by appropriate configuration or by a robust process and policy, the business is then able to demonstrate a heightened level of cyber security. This is not just good for them and their security, it’s good for their customers and clients, the people that choose to interact and transact with them, and good for the wider community as a whole. If everyone did this, cybercrime as we know it today would be a thing of the past.