Most IT users have some idea of the importance of patches. They know that they can provide quick fixes to specific problems in software performance. Some users understand that patches are also used to deliver protection against new cyber threats. But understanding doesn’t translate into a warm welcome for the new patch’s arrival. For the user not experiencing the performance glitch or ignorant of a potential cyberattack, a patch – and the reboot required to make it effective – is an unwelcome interruption to their working day.
Unfortunately, this attitude is pervasive. It doesn’t start and end with the user reading the update-and-restart pleas on their screen. It can extend throughout an organisation. Applying patches and rebooting systems takes time – sometimes hours – and in high-pressure, 24/7 cultures where results are demanded, few people welcome the idea of having their IT resources out of action for an unspecified period.
Often the patches are ignored – even by Managed Service Providers (MSPs). According to NinjaOne, only 10% of MSPs require their clients to reboot their computers for patching. Think about that – these so-called IT professionals are tempting fate, jeopardising their clients’ business. While it’s true that some patches are not time-critical, others play a crucial role in cybersecurity, and their prompt implementation may be an insurance requirement.
Is your MSP protecting you?
When we conduct a cybersecurity review, this is one of the areas on which we focus. Often, we discover that a potential client is exposed to a cyber threat for which effective patches and updates have been released. The client’s original or existing MSP simply hasn’t ensured that critical security measures, consistent with CIS Controls, have been followed. At best, it’s sloppy practice. At worst, it’s negligent.
There are ways to minimise the disruption caused by patching and reboots. What’s more, the impact of a managed update is minimal when compared to the expense and disruption of a cyber-attack and the reputational damage caused by a data breach.
Let’s be clear: if you have a hole in your jeans, you might get away without patching it. If you hole your ship close to the waterline, patch that hole. In these days of cybercrime, you’re sailing into rough seas. When choosing an MSP to manage your technology, support and cybersecurity, make sure they’re not cutting corners. Your security depends on it.
If you’d like to talk about your protection, do get in touch. We can provide a cyber review, audit against CIS Controls for M365, and offer advice on any vulnerabilities that need to be addressed.