Who gets the blame when a security breach occurs that exposes your company’s trade secrets or your customers’ secure personal data? A Houston managed IT services company will tell you that usually the answer depends on where the data was stored, how it was placed there and who had the rights to access it.
Your commercial website is only as secure as your server is. Many businesses assume that their server is secure. However, security patches and updates that software manufacturers frequently distribute contain clues for hackers that they can use to compromise your Houston network security. Compromising your network security is not something that you want to be doing, using a penetration testing cost will ensure that your network security is high, protecting both your computer and company. Vulnerabilities are present sometimes and should not be exposed.
Sometimes, a patch has its own vulnerabilities that are not discovered until a hacker has already commenced an automated assault on servers based on the weakness mentioned in the update’s script. That leads to the question of whether you should install patches as quickly as possible or if it is better for you to wait.
If the software’s vulnerability is exposed before the manufacturer is able to fix the problem with an update, a hacker can launch an attack within a few hours. In that situation, you probably want to install the update when it becomes available. However, it is a good idea to turn automatic updates off because an installation could occur during your business hours, which might require your server to shut down and restart. You could lose valuable data when the system reboots, which will require immediate attention from a Houston backup and disaster recovery service. Your system might also completely crash during an automatic patch installation, which could prompt the dreaded blue screen of death for Windows users.
It is better to have the program manager download the update and notify you that it is ready for installation. Then, you can install it at the close of business, over the weekend or whenever it will interfere least with your flow of commerce. The time that your server spends being unprotected is called a zero day. That is when security is at its weakest.
Lately, many IT departments are wary of performing immediate updates even if they know it will not affect the normal course of business. They are unsure that a newly released, untested patch will not cause more problems than it solves. This cautious attitude was adapted in light of several patch fiascos initiated by major companies. Servers are not the only component being attacked. Mobile devices have suffered through such nuisances as Wi-Fi signal dropout, rapid battery drain, unexpected rebooting and poor or no audio.
Microsoft’s very own update documentation says that you should only update your system if the risk of updating is less than the risk of not updating. Large companies with dedicated IT teams can set up a test area on their server to try out a new patch. Once they are convinced that it is safe, they can install it on the main server.
Smaller companies that do not have the resources to test updates can wait a week or two before installing the update. This approach has two advantages.
- The company can monitor the tech press and social media to verify that the update does not have its own set of problems.
- If the original update has a bug and a patch is released to fix it before the company updates their server, the initial patch will not have to be uninstalled to install the latest update.
Your servers and website are the heart of your business. Do not assume that they are secure. If you would like to discuss your server’s security or if you have been the victim of a cyber-attack, contact us at 713-974-3889. We take security seriously.