PAUSE TO CONSIDER: Patch Management

Fortified Cybersecurity Awareness Month

Servers are often the last systems to get patched or upgraded, making them an ideal target for cybercriminals on a global scale. Hackers can easily launch a successful cyber attack on a server, exploiting the lack of an updated security system, or even vulnerability patches that have not yet been fully deployed. When performing network updates and implementations, pause to consider:

Questions to Answer About Managing Patches

When was the last time your servers were rebooted?

Many organizations lose track of server reboots, for a myriad of reasons. Servers are arguably the most crucial piece of equipment in an enterprise, hosting the services the business needs for day-to-day operations. It’s important to understand that many security updates will not take effect until the system has been through a reboot cycle.

Have patches been tested and deployed to the servers?

Because servers can’t be shut down on a whim, the updates and patches necessary to maintain a standard of security may begin to stack up, making them difficult to track with accuracy. Additionally, the more patches that need to be applied, the longer the restart cycle can take, which results in more operational downtime.

Have you considered a rotational change management schedule for crucial systems?

Instead of updating and rebooting all the servers at once, try breaking them down into groups. Each month or quarter, schedule group X to go through the update cycle. A rotational change management schedule avoids having the entire server bank offline at one time.

Fortified Health Security helps healthcare organizations utilize technology to minimize organization-wide risk. Want to hear more? Contact Fortified Health Security today.

Fortified Health Security is committed to strengthening the security posture of healthcare organizations.  In the spirit of Cybersecurity Awareness month, we will be posting daily information for you to consider when maintaining your organization’s security program.