Running without a patch management policy?

Have you thought about enacting a patch management policy in your company, but are not sure if it is worth the trouble? The largest companies already have a patch management policy in place; you just may not be aware of that fact, as internal computer usage policies are not general knowledge. Rest assured that a company with an extensive legal team and IT department has given significant thought to how computer usage can be kept secure for the sake of both its employees and the sensitive data housed on its computers and network servers. Any business that stores sensitive data on computer drives stands to suffer an extensive loss if that data were to fall into the wrong hands.

Every network takes steps to prevent this from happening. A firewall is a good example; likely, no corporate network is unprotected by some form of hardware or software firewall. Usually, it is hardware and sits permanently between the internet uplink and the internal router, or, if the network is smaller, the firewall also acts as the router. Regardless, what is often overlooked is the necessity of keeping a solid patch management policy in place to prevent computers on the network from becoming easy entry points for hackers, who can gain access to almost any network share by invading a user workstation, gaining control of it and leveraging the logged-on user's credentials to browse network shares.

It may sound outlandish, but a lack of security patches leaves computers vulnerable, even if they are thought to be secure behind a firewall. Writing and implementing a good, complete patch management policy will ensure that operating systems and applications are patched on a regular basis. If they are not, and a computer is compromised, the person who failed to follow the written patch management policy can be held accountable.
