Everyone knows the adage “No one is perfect”. Unfortunately for anyone with a computer network, the bad actors who want to infiltrate your system are ready to take full advantage of any mistake they can find.
Cyber security is a constant competition between software/code developers and bad actors. The bad actors scour software programs and hardware code looking for that mistake that will let them into your network. Software/code developers are constantly reviewing their products looking for things they might have missed that will let someone in where they don’t belong. When developers find mistakes, they create patches or security updates to fix the issue and keep the bad actors out.
The challenge for those of us who use this software and hardware is to make sure that any vulnerabilities that have been identified get fixed as soon as possible. This is done by implementing patches or security updates. (Most people are familiar with these for their phones/tablets). The only thing worse than having someone breach your network is finding out the breach only happened because the latest patch wasn’t installed. It is estimated that 70% of the breaches that occur happen via a vulnerability that already has a patch available to resolve but was never applied.
Because of the quantity of hardware and software programs in use by schools, this can be time-consuming. But like exercise and physicals, the result of not doing it can be serious.
This week’s suggestion:
- Talk to your Tech Director about what the patching process is for your network resources.
- Ask how hardware and software vulnerabilities are identified and resolved including third-party applications
- Continue (or start) the process of coming into line with the NIST Cybersecurity Framework guidelines
Next week’s bulletin will discuss “Cyber Attack - Are you as protected as you think you are? (Part Three-Firewall Health)”
If you would like more information on help with Patching or navigating the NIST CSF journey, please contact Lisa MacDougall at firstname.lastname@example.org or call 845.897.9480.