‘Patching’ is one of those cybersecurity terms that sounds simple and homespun while somehow also appearing technical and complex. But in reality, patching is one of the easiest ways to protect your business against cyber threats. Here’s everything you need to know about it: the what, the why and the how.
What is patching?
Remember how your mum would fix your school uniform with a patch of similarly coloured fabric when you ripped it falling over in the playground for the hundredth time? Well, the same principle applies to patching in cybersecurity.
Over time, even the best software develops vulnerabilities, suffers a breach, or simply becomes outdated. It could be that the software was built with vulnerabilities that weren’t anticipated at the time or it might be that a new cyber threat has emerged. Whatever the reason, software developers get around the problem with security patches.
Just like the million little fixes to your school trousers, security patches are small adjustments. They don’t change the fundamental function of the software, but they do get rid of ‘holes’ a cybercriminal might exploit to access your data or systems.
Why is patching important?
The best way to illustrate why patching is so important is to give an example of what happens when it isn’t used. Remember the Wannacry ransomware attack back in 2017?
The crisis began when the USA’s National Security Agency (NSA) discovered a vulnerability within Microsoft Windows. However, rather than report this immediately to Microsoft, the NSA used its knowledge of the vulnerability to create software capable of exploiting it. Unfortunately, cybercriminals then stole this tool from the NSA and used it to launch the Wannacry attack.
Why is this relevant to SMEs?
Of course, as an SME, it’s unlikely you’re sitting on software vulnerabilities that could put an almighty dent in the global economy. But that doesn’t mean patching isn’t important.
If the tools you’re using – say, your operating system or anti-virus software – have vulnerabilities, it gives the bad guys an easy route into your systems. Once they’re in, confidential employee information, financial data, and everything else your business guards closely, is at their fingertips.
And it’s not just your business. As Wannacry proved, a weak link anywhere in a supply chain puts everyone in at risk.
How do you make sure your business is protected?
The best thing about patching is that it’s the simplest thing you can do to improve your business’s cybersecurity. All it requires is that you continually update the software and tools you use. This could mean checking for updates every few days or just simply switching on the auto-update setting for all company devices.
This is very easy to do on a personal level. But what about if you scale this practice up company-wide? Surely keeping track of several or even tens of employees’ devices is tricky, to say the least?
There are two relatively simple routes around the problem.
Clear security policies
The first is clear company security policies. Make it clear to your people that everyone needs to update software as soon as a new version or patch is released and explain why. Most of us are more likely to adhere to a policy if we know why it’s there and what we risk if we don’t follow it. And don’t squirrel it away on some long-forgotten corner of your company server. Ensure everyone has access and knows where to find it.
Use an active protection tool
The second approach is to use an active protection tool like CyberSmart Active Protect. Active Protect scans all of your company devices every 15 mins, checking everyone is using the latest versions of software and security settings are configured properly. If anyone in your business has missed something, you’ll know about it through the CyberSmart Dashboard.
Our products can even help with creating clear policies. CyberSmart Policy Manager allows you to host your security policies in-app and distribute them to all company devices. So you can be sure everyone has access to and reads your organisation’s policies.
Although it doesn’t sound like much, ensuring every tool your business uses is running the latest version really is the first step to a safer working environment. So why not start making it part of your routine today?
Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.