Update, Manage, and Review!
In real estate, they say “Location, Location, Location!” For IT systems it should be “Update, Update, Update!” Operating Systems, applications, browsers, hardware firmware, printer drivers, video drivers, NIC drivers – literally every device and every program requires constant, consistent patching. There are even updates to the updaters! Updates address issues from bug fixes and security problems to performance improvements. They are a bit of a pain to employ, they are a challenge to manage and on occasion, they cause more problems than they fix. However, not updating your systems is akin to leaving your keys in the car in a crime-ridden section of town with the engine running and a big fluorescent sign saying “STEAL ME!”.
The number of computer systems, smartphones, servers, switches, routers, firewalls, storage appliances, etc., continue to grow with IT advances and each one could be a potential target for attack.
- An online greeting card company in the UK called Moonpig recently suspended its mobile app due to security concerns it was reportedly informed about last year.
- Home Depot suffered a major, major security breach in September of 2014. In this case, systems still using Windows XP were the problem.
- Amazon was breached due to an unpatched version of Windows, a security Vendor BKav claims.
Updates or “patching” must be managed. Think the automatic update setting is working? Think again – many, many updates require manual intervention to complete and according to PC World, automatic updates are often thwarted by end-users’ inactions. Also, many cyber-attacks are successful using exploits and vulnerabilities on unpatched systems even though patches and fixes are available, but not applied.
Companies update the content on their websites regularly, but often fail to update the tools used to manage their website. For example, WordPress is widely used and is very good about providing updates to its product. But far too often the product is not updated by the end-users.
Let’s face it; the goal of having a website is to drive customers to your business. Anything that could interrupt this is bad! And steps taken to ensure its security is worth the investment.
Finally, systematic review of system logs, hardware and software inventory, and configurations is paramount. I’ve come across many a firewall, router and server that was set up and deployed properly – months or even years ago! Far too often an “if it isn’t broke, don’t fix it” approach is adopted, because after all, we have work to do right? Or an “I’ll get to it next week” attitude takes hold which turns to several weeks, then months and then forgotten. This simply doesn’t work for the IT world we all live in.
System errors and security breaches are partially the results of inattentiveness and neglect. Conducting these reviews isn’t the most fun thing in the world, but it is certainly more fun than explaining to the CEO or your customers that the data you collect from them has just been hacked. So, manage the update process of your systems and routinely review and refresh your website content and designs.
Websites and the IT devices and systems they run on are awesome tools for small and large businesses. They help you generate sales, do a lot of your marketing, and serve as the first place customers look today to find your business. By keeping them updated, well managed, and constantly under review, you’ll keep that investment earning profits.
Steve Barnett is an information technology expert, who owns the LA-based IT networking and consulting firm, Streamline Networks. Check out the website Executionists designed for his business at http://streamlinenet.com.