26 Oct Cyber Essentials – The Five Controls – 5. Patch Management
We’ve made it! We have discussed four of the five controls as required by Cyber Essentials to achieve their accreditation. In the remainder of this article we will explore Patch Management – the last of the five controls that will get you on your way to a cyber secure future.
You must keep your software and devices up to date – that is very important. Bearing mind the rate at which cyber attack sophistication is advancing, it is essential that you have all your devices equipped with the very latest protection – or else you run the risk of leaving your entire technological landscape open to problems and – depending on their severity – they could be business incapacitating ones. You can’t just assume that because you have taken your devices home from the office that they are safe – it doesn’t matter where they are physically situated; if they are vulnerable, then they are vulnerable!
We all see updates on our phones and laptops as a bit of a nuisance, and that is understandable – they usually take a while to download and install and seem to appear at the most inconvenient of times. Nonetheless, we accept them because they make our experience using the device or programme better. This is usually done by adding new features and improving functionality, but what most don’t realise is that it is their job to patch any security vulnerabilities that have been discovered since the last update.
A manufacturer will make it their prime concern to remedy any security vulnerabilities at the soonest instance – it is, after all, beneficial for them to do so, because, if you were using their device and it wasn’t secure, it could result in a security breach. Having suffered from one you are unlikely to use that device, software, or even manufacturer again. Make updates automatic wherever possible!
The evolution of tech
All IT has a lifespan. Technology is constantly evolving, with new tools and features being released everyday, with more weird and wonderful uses and capabilities. With these developments happening so rapidly it does quickly make older – previously integral – tech surplus to requirements.
These advancements in technology are mirrored in the Malware designed to attack it. With this in mind it is essential that updates are regular – yes, this can be inconvenient, but with the evolution of technology only increasing in momentum there isn’t much of more importance in the quest for cyber security. If a device or software ceases to be supported by the provider it is imperative that you start looking for, and purchase, a modern, equipped replacement as soon as possible – delaying could have serious consequences.
Let’s go through an example. You have an iPhone, the model is years old, and Apple have just recently stopped supporting it with updates. With all our personal information stored on our mobiles you must immediately make plans to get a newer, updated, secure model as soon as possible. You wouldn’t leave your door unlocked when you go out, would you? So why are you doing that with your network connected devices?
The Cyber Essentials requirements
Cyber Essentials requires you to install updates within two weeks of their release if the vendor describes the patch as fixing flaws labelled ‘high’ or ‘critical’. Your software must be licensed, supported, and be the most up-to-date version wherever possible. You must also remove all software that is no longer supported from all your devices.
We hope that this series has enlightened you to the importance of cyber security and what you will need to do in order to pass the Cyber Essentials accreditation.
Cyber Essentials Accreditation achieved
We understand the importance of top-level cyber security in your organisation. Our team of experts will help guide you to Cyber Essentials Accreditation and a secure future. We will ensure that you feel confident with the new tools that were implemented which made achieving the certification possible. Contact us now and find out how we can help you transform your digital landscape into a fortress that cyber criminals haven’t got a chance of being able to penetrate.