Understand the Risk of Unpatched Equipment
If you have read Thrive’s blog or other security blogs, you have probably come across advice on patching. Everyone preaches patching: you should know where all your machines are, and you should patch them often. Don’t forget the routers, switches, firewalls and other appliances in your network, either.
I absolutely believe you need to patch all this equipment, and you should have a process and schedule for doing it. While it might look daunting, having a plan does make it a little easier. But not everything can be patched. Yes, I said that. While you should patch everything, for business reasons not everything can be patched. It might be that your mission-critical application is running on outdated software or equipment, or that patching causes something else to break. Whatever the reason, I’m sure there is some equipment somewhere that you can’t patch. That is where understanding the risk that unpatched equipment poses to your organization is critical.
If you have a public website running on a Windows server that can no longer be patched, and it is the repository of your client data, that data is at extremely high risk, meaning you need to be prepared to have that client data stolen. Not only should management understand that there is a high risk of this happening, they should also be working on a solution. If you have an old internal web server that is only accessible to the marketing department, your risk is considerably lower, but if that marketing server also contains PII (Personally Identifiable Information), then your risk increases.
Understanding the risk your company faces is critical to keeping your business safe and out of the news.
If you want to learn more or need help securing your systems, please contact Thrive.