Cybersecurity – Your Applications

Building on this Cybersecurity series, we also need to look at another area that is often overlooked: your applications. Do you have an inventory of the applications running on your network? Do you have management tools that help you deploy patches? How often do you patch your applications and operating systems? You will find that all of these things connect together: your people, your applications, your policies. Let’s take a deeper look at your applications.

Ideally, you should be patching your operating systems (for example, Windows) monthly. This goes for both servers and end-user devices. It’s bad enough that we have all of these zero-day exploits popping up. One month behind is really the furthest that an organization can afford to fall. It takes just one of your people clicking on a link in a phishing email to wreak havoc when you haven’t kept your servers and laptops/desktops patched. Use a tool such as Microsoft’s Endpoint Manager (formerly SCCM) to automate this process.

You also need to keep track of all the other applications you have out there and ensure they are updated as well. Turn on automatic updates for these ancillary systems. Develop a process around your most important production applications, like ERP.

Secondly, develop policies and procedures that do not allow employees to install their own software. We’ll talk about policies in an upcoming post, but this is an important piece of your application security story.

If you are unsure about where to start, take a look at the tool Nexpose by Rapid7. This tool scans your network, finds vulnerabilities, and then reports back to you on what to do to fix them. There are other tools out there that do the same thing. Invest in a tool and write procedures around it.
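
One way to answer the inventory and patch-age questions above on a single Windows machine, as an added example that is not part of the original post. The 31-day threshold (taken from the post's "monthly" guidance) and the output file name are assumptions.

```powershell
# Added example: local application inventory plus a patch-age check.
$MaxPatchAgeDays = 31                      # assumption: "monthly" patching policy
$InventoryFile   = '.\app-inventory.csv'   # assumption: hypothetical output path

# Machine-wide installed applications register under these Uninstall keys
# (64-bit view and 32-bit view of the registry).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$inventory = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |      # skip entries with no display name
    Select-Object @{ n = 'Computer'; e = { $env:COMPUTERNAME } },
                  DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName, DisplayVersion -Unique

# Get-HotFix reads Win32_QuickFixEngineering. It can miss updates installed
# by other means, so treat the date it reports as approximate.
$lastHotfix = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

$ageDays = $null
if ($lastHotfix) {
    $ageDays = [math]::Floor(((Get-Date) - $lastHotfix.InstalledOn).TotalDays)
}

# A machine with no recorded hotfix at all is reported as overdue too.
$status = [pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    InstalledApps  = @($inventory).Count
    LastHotFixID   = $lastHotfix.HotFixID
    LastInstalled  = $lastHotfix.InstalledOn
    DaysSincePatch = $ageDays
    Overdue        = ($null -eq $ageDays) -or ($ageDays -gt $MaxPatchAgeDays)
}

$inventory | Export-Csv -Path $InventoryFile -NoTypeInformation
$status
```

The CSV gives you a per-machine application list to compare against what you expect to be installed, and the `Overdue` flag marks machines that have fallen more than a month behind.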

-Cheers

About the Author

Sir Seen-a-lot

An IT leader who's been through it all and just hopes to make a difference!
