This article is the third in a series of articles about Cybersecurity Awareness Month. Throughout October, K2 Integrity has been providing tips and solutions to organizations to commemorate the 20-year anniversary of the initiative. This year’s focus is on creating strong passwords and using a password manager, enabling multi-factor authentication, updating software, and recognizing and reporting phishing attempts.
This third article highlights the importance of ensuring software is up to date and the role that plays in keeping organizations, their clients, and their employees secure.
Securing Digital Assets by Regularly Installing Updates
Many organizations have implemented authentication-related policies that require long, unique passwords and multi-factor authentication to help prevent unauthorized access to their networks. Organizations can enhance their information security framework by implementing an additional layer to their security controls: a patch management process. This ensures that systems are updated in accordance with vendor recommendations. Not only do such updates provide computers and other devices with the latest features, they also install important security patches. How can organizations ensure that their network and devices are protected with the latest updates?
- Monitor for update announcements. Organizations should stay informed of upcoming updates to prepare for rollouts. Create a group email to subscribe to automatic messages from software vendors, and schedule regular review sessions to discuss and plan for upcoming updates. If a vendor or provider does not send emails with update details, assign a team member to regularly check their website or communicate with the vendor’s account manager.
- Implement an update protocol. Inconsistent software versions could pose a danger to organizations—cyber criminals can exploit bugs in a single outdated server or laptop to access the network. To confirm that updates are applied consistently throughout the organization, consider implementing an inventory system to track devices and systems. The IT team should manage and enforce roll outs. As part of this process, the team should initially test the update on a small group of users to confirm that the update does not cause issues with the organization’s network and apps. After it is confirmed to be compatible, the update can be rolled out to the whole organization.
- Install all updates as soon as possible. Security updates and patches are released to fix bugs and vulnerabilities in operating systems and devices. After updates are announced, there is a limited amount of time to act before hackers learn how to exploit security issues and bugs. Any delay in installing updates increases risk by leaving a vulnerability unpatched.
- Enforce updates for mobile devices that connect to the corporate network or access corporate data. Many organizations allow employees to use their personal mobile devices, also known as Bring Your Own Device (BYOD), to check work email and access data. To ensure these devices remain secure, organizations should require employees to regularly update all devices with network access. Mobile device management systems can monitor devices’ software versions to help reduce security vulnerabilities. If employees do not install the most current software version on their devices, consider removing their company access until the device has been updated.
- Educate employees about the dangers of delaying or ignoring device updates. Even if an employee’s device does not have direct access to company email and data, a compromised personal device could still pose a danger to an organization. For example, employees may sign into corporate email through the web portal on their mobile phones, thus opening up the organization to compromise. Train employees to set up automatic updates for their devices and all apps to increase the organization’s and employee’s security, especially prior to traveling.
Software bugs and vulnerabilities can open an organization to malware and unauthorized network access. Implementing multiple layers of security—creating strong passwords, enabling multi-factor authentication, and installing updates—helps keep an organization’s network and its confidential information secure.