Many businesses simply don’t invest in IT patch management, which is why so many data breaches and cyber attacks are able to succeed. Interestingly, 74% of companies don’t apply patches because of a lack of staffing.
As the owner of a business, you shouldn’t be trying to manage your own software patches. That is where your IT support company or your IT department will come in. A good IT support company will take charge of IT patch management. They will make sure that all relevant updates are installed on all of your devices promptly.
The Australian Cyber Security Centre is part of the Australian Signals Directorate (ASD).
The Essential 8 framework dictates that you should install important patches to your devices within fourteen days of the manufacturer releasing them. I think fourteen days is pretty generous; I’d say seven days, at the latest.
Here’s the thing: one of the first things I check is the status of the updates. And more often than not, the updates are well off. I’ve seen businesses that haven’t had updates in more than a year sometimes, and that can cause a massive security risk in your firm.
Advice for Business Owners Who Self Manage IT
As I mentioned earlier, it shouldn’t be your job to ensure that patches are being installed on your hardware and software – you should have an in-house IT department or outsourced IT company to do that for you. However, you should ensure you get a monthly report detailing all of your hardware and software and what recent patches have been applied.
Do you remember the ransomware attack on the NHS in 2017 in the UK? That was caused by a security flaw on some of the computers. The patch that could’ve fixed that flaw had been available for some time, but because it hadn’t been installed on those computers, the attack cost the NHS over £92m.
Don’t leave it to chance, and don’t assume that your IT team are doing it; I’ve seen the truth, and plenty of them aren’t.