One of the most important things you can do for your systems is monthly patching. In the past year, most of the vulnerabilities that have been exploited could have been avoided with a proper patch management program.
What is a proper patch management program? I will list its parts below.
1. Have a tool to patch your systems – Many tools exist to patch your machines. A few good tools are Microsoft SCCM or Ivanti Shavlik. You should have a program that pushes security patches out monthly. I would suggest being 30 days behind in patching. Why? Some of the patches have flaws in them, and waiting 30 days allows the vendors to work out the flaws.
2. Make sure you patch third-party software such as Java and Flash. Patching your operating system is only half the battle. Adobe Flash and Oracle Java have patches released monthly that need to be applied. Some of these flaws make your system more vulnerable than the operating system flaws.
3. Invest in a vulnerability scanner. A vulnerability scanner allows you to validate that your systems are patched. Make sure you are doing an authenticated scan to ensure you are getting a full picture of what vulnerabilities actually exist on your system. You will also find that while you have patched your operating system, you might have to disable or enable a feature in the Windows Registry to fully enable the fix Microsoft provided.
4. Firewalls – While I don’t update these systems monthly, I do update them quarterly. Firewalls have vulnerabilities just like any other operating system. You should check quarterly if you need to apply updates.
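With a 30-day delay, every scan will report the newest patches as missing. The following is an added example, not part of the original post, that sorts scanner findings into patches still inside the delay window and patches that are genuinely late. The record layout, patch labels, hosts and the 60- and 90-day deadlines are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# kind -> (hold_days, deadline_days). The 30-day hold is the post's advice;
# the 60- and 90-day deadlines are assumed readings of "monthly" and "quarterly".
POLICY = {"os": (30, 60), "third_party": (30, 60), "firewall": (0, 90)}

@dataclass
class Finding:
    host: str
    kind: str                         # key into POLICY
    patch: str                        # constructed label, not a real bulletin ID
    released: date
    installed: Optional[date] = None  # None = scanner reports it missing

def classify(f: Finding, today: date) -> str:
    if f.installed is not None:
        return "patched"
    hold, deadline = POLICY[f.kind]
    age = (today - f.released).days
    if age < hold:
        return "on_hold"   # missing on purpose: still inside the delay window
    return "due" if age < deadline else "overdue"

def triage(findings, today):
    """Group findings by status so only 'due' and 'overdue' need action."""
    buckets = {"patched": [], "on_hold": [], "due": [], "overdue": []}
    for f in findings:
        buckets[classify(f, today)].append(f"{f.host}:{f.patch}")
    return buckets

# Constructed scanner export, evaluated as of a constructed scan date.
SCAN_DATE = date(2024, 6, 15)
SAMPLE = [
    Finding("ws-01", "os", "OS-2024-06", date(2024, 6, 11)),
    Finding("ws-01", "os", "OS-2024-05", date(2024, 5, 14)),
    Finding("ws-02", "os", "OS-2024-05", date(2024, 5, 14), date(2024, 6, 13)),
    Finding("ws-02", "third_party", "JAVA-2024-04", date(2024, 4, 9)),
    Finding("fw-01", "firewall", "FW-1.2", date(2024, 4, 1)),
    Finding("fw-01", "firewall", "FW-1.1", date(2024, 2, 1)),
]

if __name__ == "__main__":
    for status, items in triage(SAMPLE, SCAN_DATE).items():
        print(f"{status:8} {', '.join(items) or '-'}")
```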
If you follow the approach I have just described, you will maintain a higher level of security and hopefully help protect your system from a cryptolocker virus or website exploit.
You can contact me if you would like help setting up a vulnerability management program.