When hackers hit the city of Baltimore with a ransomware attack last month, the incident made international headlines.  The heinous cybercrime shut employees out of the city network and halted the delivery of many municipal services.  Recent estimates put the overall cost of the Baltimore Ransomware Attack at roughly $18 million.

While news stories about the attack focused on juicy tidbits about stolen NSA tools and fumbling politicians, one of the most alarming subplots went largely ignored.

It turns out that the hackers who perpetrated the Baltimore Ransomware Attack exploited a Windows software security hole that Microsoft fixed over two years ago.  However, because Baltimore ran an outdated operating system, the security hole never got patched.

Could smart software patch management have saved the citizens of Baltimore $18 million?

It’s already too late for Baltimore, but your small business can still stave off greedy and malicious hackers.

Of course, it’s not glamorous or headline-grabbing work, but software patch management still needs to be done in a consistent, thoughtful and proactive manner.  Without regular security updates, you risk leaving holes in your business network for hackers to exploit.

At the same time, initiating updates to a production-level server at the wrong time can cause severe slowdown and business disruption.  You need to walk a fine line between strengthening security and maintaining productivity.

For IT directors and other business tech experts, this is the sort of grunt work that can get passed off to an outsourced IT department like Capital Network Solutions.  We do the detailed work of Windows patch management for Greater Sacramento Area businesses every single day.  It’s second nature to us by this point.

However, for non-experts in charge of business network security, it becomes even more essential to hire experts to guard your gates.  After all, the process gets especially tricky when you’re talking about updating a server, as opposed to a workstation.

Thankfully, skilled and experienced IT services providers like CNS can remotely manage the detection and deployment of essential security patches.  Meanwhile, we can also exclude or reschedule the non-essential patches that might slow down your entire system.  And as with any competent Sacramento IT support company, we outline our software patch management schedule in detail in our Service Level Agreements.

Still confused?  Keep reading to get more answers to your questions about security patches for Windows.

Why is it called patch management?

Supposedly, the name comes from the pre-digital era act of literally patching holes in computer punch cards.  We evolved past punch cards long ago, but the basic concept remains the same.  When Microsoft finds a security hole in their operating system, they work as fast as possible to send an update to users that will patch the hole.  Without that patch, the operating system becomes vulnerable to cyber attacks.

On the other hand, when an operating system reaches its end-of-life, Microsoft stops pushing out software updates on those products, even for known security vulnerabilities.  For example, the Windows 7 operating system will reach end-of-life on Jan. 14, 2020.  Once that happens, any business still running off Windows 7 becomes an easy target for hackers.

However, the management is just as important as the patch.  Patching matters, but it also matters how you patch.  At CNS, we prevent business disruption and network slowdown by only patching at certain pre-agreed times.  We only allow reboots after business hours, at 10:15 p.m. PST for workstations and 12:30 a.m. PST for servers.

Why is security patching important?

There are two main reasons to create a well-thought-out patch management procedure:

  • It will significantly increase your endpoint security. Upgrading cyber security is the main reason to receive regular security patches, especially in the age of the data breach.  If you think your company is too small to get hit, think again.  In this time of automation, hackers love the low-hanging fruit of the small business.  Sure, the Baltimore Ransomware Attack earns all the headlines, but a recent cyber attack on the small town of Riviera Beach, Florida, just netted a $600,000 ransom for the hackers.
  • You can deploy the most up-to-date patches for your business. By implementing the latest Windows patches smartly and thoughtfully, you get access to new features as well as bug fixes.  The trend towards mobile employees and decentralized offices is not changing course anytime soon, and your workers deserve the best technology available.

What are some basic patch management tasks?

Patch management tasks include:

  • Monitoring for available patches
  • Excluding or rescheduling unnecessary patches
  • Ensuring that all patches get fully installed
  • Testing all patches after installation
  • Documenting all procedures and patch schedules

What are some patch management process best practices?

  • Patch at least once a week on servers and workstations, but stagger to prevent a slowdown
  • Exclude larger updates like feature packs until after business hours
  • Investigate and resolve any software patch errors as soon as possible

Why not just leave on the software auto-updates?

As mentioned earlier, numerous special issues arise when updating a production-level server.  At Capital Network Solutions, we like to handle those updates on an individual basis.  Installing the wrong software patch can take hours to fix, even for seasoned IT professionals.  The same goes for feature packs, which can cause issues with software compatibility and network slowdown.

Leaving on auto-updates opens the door to a lot of unnecessary and time-consuming software patches.  Microsoft releases hundreds if not thousands of software updates every week, but only a handful are applicable to your computer or server.  For example, Microsoft puts out an update for Exchange servers every week.  Even if you don’t operate an Exchange server, Microsoft will still push through the auto-update.

At CNS, we always install critical security patches, but otherwise, we pick and choose which updates to send our clients.  You probably don’t need the Japanese language pack, so we will exclude that update unless otherwise requested.

What gets software patches besides workstations and servers?

Besides pushing through critical patches for workstations and servers, CNS also does third-party patching.  For instance, Adobe Flash has a lot of vulnerabilities, and so it gets updated every single day.  We also manage updates for third-party applications like Java, WebEx, WinZip and more.  Without regular patching, you could create security vulnerabilities, and you could miss out on new features.

Need assistance with security patch management?

If you want to ensure the health and security of your business network, CNS can help.  As one of the top IT consulting companies in Sacramento, we are always available to talk about technology.  To learn more about our patch management services, call CNS at (916) 366-6566 and set up a free consultation.