The security software’s been installed. It includes anti-virus protection, a spam blocker, a firewall, a pop-up blocker and a spyware filter. Feel safe, yet? The good news: once all that’s done, the system is safe -- at least for the moment. The bad news: a moment is about as long as it lasts.
Malware programmers (whom most people call “hackers”) are constantly finding vulnerabilities in all brands of security software and writing code to exploit them. Security software vendors, at the same time, are constantly writing additional code to shore up their programs against those vulnerabilities and new threats.
Those pieces of new code are called “patches” and without them your software is essentially worthless.
Install all patches and updates
It sounds so simple, but staying on top of those patches or updates is where the wheels fall off for most small and mid-size businesses that can't afford a separate staff or department for information technology. No one can really blame the software vendors on this one, either. “Where there are updates available, make sure you install them,” says Joern Wettern, co-author of Firewalls for Dummies. “Check all your computers at least once a month to make sure no one’s turned off the automatic update feature.”
Most security programs now include an automatic update feature that will have your computer download new updates directly from the vendor’s website on a regular schedule. The most it might require of the end user is the occasional request to reboot or a pop-up screen asking for a “click yes” to accept updates.
For many end users, even that’s too much.
“People get annoyed with those pop-up screens and just turn off the automatic feature. All it takes is one machine to not be updated and your whole network is vulnerable,” says security expert and partner John DeLozier, from Nply Security, a Dallas-based network security consulting group.
DeLozier recommends utilizing what network security professionals euphemistically call the good old-fashioned “sneaker net.” What that amounts to is periodically having someone physically walk around to every single computer within the business to make sure the automatic update feature is toggled to the “on” position and is doing its job.
Assign responsibility for patches
DeLozier suggests that businesses follow this two-step strategy to keep the company's systems safe.
If the budget allows, there are a number of commercial software applications available that help organize and streamline the management of updates. Some of the popular software manufacturers who make products in this field include: Kaseya, GFI LANguard, Numara, and Microsoft, the last of which makes a Baseline Security Analyzer.
Before committing to any software solution to patch your systems, just remember this: it’s one more piece of software someone has to be familiar enough with to properly utilize. The bottom line for small and mid-size businesses in need of developing a solution to patch their PCs is that they need to follow through. “Good security can be done on a budget,” says Ben Rothke, director of security technology implementation at AXA Financial and a frequent speaker at conferences on security topics, “but you do have to manage it.”