Small Business Info Sec Tips – Patching

I participated in a wonderful panel on Information Security for small businesses this week. The event was hosted by HCCC’s Continuing Education and Workforce Development Division. This will be the first webinar in a series. Check here for more information. We covered critical material for business people, and my bit was discussing backup and patching.

99% of the vulnerabilities exploited by the end of 2020 will continue to be ones known by security and IT professionals at the time of the incident.

Gartner predicted 

We love jargon in IT, and I’m sure you’re scratching your head about what I mean by “patching.” Does this have something to do with holes? Well, in a manner of speaking, it does! “Patching” refers to adding bits of code to fix errors or “bugs” in software. What we are really talking about for your purpose is updating software. These updates may or may not be “patches,” but you don’t really care about that detail! Software companies are continually improving their programs, and many of these updates are fixes for security problems.

While all IT pros have at least one story of a software update that went horribly awry, I recommend that consumers and small business owners make use of automatic updating of their critical software. What is critical? Like I mentioned in my previous post, it is whatever your business cannot function without. That may include your mobile phone, computer, and business software. If your phone is critical to your business, turn on automatic updating and make sure you allow the updates to install. If you have already set up backups, you will still have your information even if an update goes bad.

How do you keep track of security updates for your critical systems and software? You can sign up for security update email from Apple, Google, Microsoft, and other software companies you deal with. You can also follow their social media to keep alert to critical security issues. At times, there may be a security flaw that does not have a fix yet. The security communications from these software companies will give you tips to protect yourself from harm while waiting for an update to be released.

While you are thinking about these critical systems, consider setting up multi-factor authentication for each one. Multi-factor authentication could involve a code that you use to log in and your user name and password. This code could come from a code-generating app or device, a text message, an email message, or a phone call. Code-generating apps and devices are the most secure. Securing your access to your critical devices and software is paramount to avoiding account compromise and phishing attacks.

Read more about Patch Management at Heimdal Security blog.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.