One of the common trends that MSJ sees in small businesses is that their computers, laptops, servers, and network hardware are frequently not patched. Occasionally, these missing patches lead to breaches and other issues for our clients.
On a larger scale, the world has also seen catastrophic issues for not patching systems. The Equifax breach in 2017 was the result of a known vulnerability in Apache Struts not being updated.
So why do small clients (and even large clients) not patch their systems? From our clients, there are two key issues:
Small businesses underestimate the risk.
The businesses do not see the ROI and are trying to save money.
The solution does not need to be complicated or expensive. MSJ performs regular maintenance for clients to keep the process manageable and tries to inform decision-makers of the risks that exist.
The actual patching process is relatively simple.
Take an inventory of systems and software.
Monitor vulnerability notifications daily.
Patch urgent issues as soon as possible.
Patch systems regularly. We apply patches once a month on a recurring schedule.
Monitor systems for failed patches on the same recurring schedule.
How frequently are you patching your systems? Do you remember to update everything, including network hardware and security cameras?