Series: What Small and Mid-Sized Business Leaders Need to Know About Their Company’s IT – Updates and Patches
There is one simple concept that law students learn in their first weeks of criminal law class: Ignorance of the law is no excuse. The same goes for IT and Business Leaders. Gone are the days where you can say, “I’m an Executive. I don’t need to know about IT.” We expect business leaders to be stewards of data just as they are with inventory, accounting, bank accounts, etc. The foundation of being a good steward of a company’s data is knowledge about the company’s IT. Even if you have the best IT guy, you should still have some basic knowledge about your company’s data and IT systems.
Unfortunately, there are very few places a business leader can go to learn the fundamentals of IT. Business leaders are often not the most technical person in their company which means they must trust the advice, knowledge, and execution of their technical employees or IT service providers.
So, we’ve created this guide for Business Leaders in Small and Medium Businesses (SMB’s). Our goal is to give you, the business leader, the ability to “trust but verify” the technology, your internal staff, and their data security.
Ask yourself: Where is your company data and who owns it?
Data comes in a variety of flavors, and it’s usually in a multitude of places. In this series, we talk about some different kinds of data that your company may own or use.
Data example #1: E-Mail
Data example #2: Your Company Website
Data example #3: Servers
Data example #4: Server Backups
And now: Updates and Patches
Why Updates and Patches matter:
Hackers LOVE to take advantage of security flaws. So, applying updates and patches are critical to your organization’s IT and cybersecurity strategy. They often include critical fixes to security holes, can improve the stability of your systems, and can improve your overall user experience.
If you have many end-user devices (PC’s, laptops, etc.) on your network, and you leave it up to your users to apply their own updates and patches, you could be leaving not only your organization open to security issues but anyone your business comes into contact with as well. If one of your end-user devices gets a virus, it could be passed onto business associates, vendors, and even customers.
Laymen’s terminology: According to the CISA, patches are software and operating system (OS) updates that address security vulnerabilities within a program or product. Software vendors may choose to release updates to fix performance bugs, as well as to provide enhanced security features.
What you must know:
- Do you have a patch and update policy in place?
- Are updates and patches set to apply automatically whenever available?
- Who applies patches and updates? Is it left up to each user to update their device?
- Are you using software and systems that have been marked End of Life (EOL) by the manufacturer and are no longer supported, updated, or patched?
Business Continuity Concerns: If your systems and software aren’t kept up to date, you are leaving yourself open to cyberattacks and are even risking the security of your data and your customer data.