As you may already be aware, Cyber Security risks have increased significantly over the past decade and even more so in the last year or two. A significant step in preventing cyber security incidents is ensuring that systems are updated to the latest software versions. In fact, “Update your devices to protect important information” is the first and foremost recommendation of the ACSC (Australian Cyber Security Centre) to protect yourself from Cyber Security threats. (Source: https://www.cyber.gov.au/)
While we have previously utilised a range of Microsoft, Apple, third-party and other vendor-based updating processes, we are introducing an improved patch management system to our clients to provide a more robust patch management experience. The new system will ensure that patches are applied and that users receive reminders to reboot their systems to activate the updates, which is a step often overlooked.
Utilising advancements in our Remote Management and Monitoring system, we have now enhanced our Patch Management Policy for all Managed Services customers to automate and enforce daily Critical, Security and antivirus Definition updates to all managed Windows PCs, Laptops and most Windows Servers.
(You can see what updates are classified by Microsoft as Critical, Security or antivirus Definition updates here.)
Along with enhanced protection from Cyber Security threats, regular Windows updates have typically increased Windows devices' stability and the software they run.
What does this mean for my team and me?
We have produced the below table to help you and your team understand what will happen and when.
What Systems? |
When? |
Which Updates? |
What happens? |
Windows PCs and Laptops |
10:00-13:00 Daily |
Critical, Security and Antivirus Definition Updates |
|
10:00-13:00 Weekly on Tuesdays |
Feature and Functionality Updates |
||
Mac PCs and Laptops |
N/A |
N/A |
|
Windows Servers |
23:00-05:00 Daily |
Critical, Security and Antivirus Definition Updates |
|
23:00-05:00 Weekly on Tuesdays |
Feature and Functionality Updates |
||
Windows Active Directory, Exchange, and HyperV Servers |
19:00-23:00 on the third Tuesday of the month |
Critical, Security and Antivirus Definition Updates |
|
Linux and VMWare Servers |
Can I opt out or alter the policy to fit my needs?
The majority of cyber security incidents we have seen over the last 24 months resulted from systems or software that were not up to date. We have prepared this policy in line with industry best practice guidance.
In some cases, we may be able to modify specific parts of this policy to better support your organisation's particular requirements. We encourage you to discuss any concerns you have with us so that we can look at how we may be able to adapt to address them.
We know that these changes are necessary to ensure that we continue to deliver stable, available and secure solutions for your organisation. These changes are vital in ensuring your organisation's continued protection from Cyber Security Threats and that your IT systems remain healthy and functional.
If, after discussion, you still wish to opt out of this process, we will need you to formally agree that you accept the risks associated with this decision.
Comments
0 comments
Please sign in to leave a comment.