Why Patch Management is Important in 2019 and Beyond

It might seem plausible for IT managers to believe 2019 was a particularly bad year for patch management issues, thinking perhaps they’ll finally be able to focus on other “more important” security issues in 2020 and beyond, but that is not at all realistic.

In fact, as both employers and employees alike find new ways to harness technologies that help to increase productivity and grow their business, the expansion of new hardware and software options will continue to explode. Of course, along with each new application and device there are invariably imperfections that must be patched. The sooner a business comes to terms with the fact that having a comprehensive patch management system is the price they’ll have to pay to take advantage of new technologies, the sooner their corporate data will become safer and more secure.

Is Patch Management Really That Important?

Many people think the majority of security issues arise from a cyber criminal stealthily creeping through their personal information looking for passwords or social security numbers. In reality, the majority of data breaches (57%) occur from vulnerabilities due to poor patch management practices. Considering the explosion in applications, smart devices, operating system versions, etc., it’s no wonder companies feel overwhelmed and unable to patch security holes fast enough to keep up with all the threats.

A recent survey of 3,000 cyber professionals across the globe, reported 48% experienced a security breach within the past 2 years, with poor patching processes as one of the main reasons for the attacks.  

Things to Look For in a Strategic PM Solution

With these sobering statistics, it becomes much easier to see that poor patch management is a serious issue within the business community. The fact that poor patching procedures often leads to cyber breaches should be a wake up call for those following little or no protocol. Companies who want to reduce their risk of encountering a costly and devastating security breach need to gain the upper hand on this often neglected area by developing a sound plan. Of course, larger companies can afford to hire a complete staff to develop and manage a PM solution, however smaller companies often need to look to an external vendor for help.

When researching vendors who have such solutions, it’s important to consider whether their plan incorporates the entire patch management lifecycle. The basic structure of the life cycle is as follows:

  1. Discovery – assess all technology use
  2. Categorize and prioritize – people, devices, processes, etc.
  3. Create a patch policy – (and keep it updated)
  4. Institute monitoring processes for new patches
  5. Patch test in non-production environment
  6. Manage associated configurations
  7. Patch rollout
  8. Audit results of patch rollouts
  9. Reporting and analysis of results
  10. Repeated review of life cycle for optimization 

Getting Started 

Companies who are beginning to realize they need to take a more serious approach to focusing on and organizing their patch rollouts, can also benefit by taking these additional steps that will help them get on the right track. Start by applying patches for those risks labeled as critical. Develop and implement a data backup and recovery plan. Decide to make a proactive patch management philosophy (and practice) a core component of your technology security strategy.

Centralize and automate the patch application process by employing automated patch software. Evaluate employee end-user rights and only give admin rights to those deemed absolutely necessary. Regularly patch and update the preconfigured computer template used when onboarding new employees. That way new employees will automatically have all the latest operating system patches, along with those for business applications, software, privileges, and other important settings.

If you would like more information on developing and implementing a solid patch management solution for your business, please contact us!

What is Shadow IT?

What is Shadow IT?

Shadow IT is the collective term used to classify all information technology applications and infrastructure that is used in the workplace without authorization of the company’s IT department. This includes software, web applications/servers, hardware, and cloud technologies. 

Employees often bring in applications into the company that they believe will help them achieve their tasks or complete their projects better. This is often the case as well. Shadow IT is often managed and utilized by employees to improve productivity and efficiency. This is where the gray area part comes in.

Why is Shadow IT a Gray Area

Shadow IT is considered a gray area because although the intentions and purpose of the shadow IT brought in are to increase productivity, there is also a security risk involved with this.

Allowing foreign and unauthorized shadow IT to interact and manipulate the company’s data is a big security risk. Members of the IT department are tasked with ensuring the security and compliance of the data that is transmitted through shadow IT sources. This makes their job of securing company data much harder and increase the risk of foul-play or information theft.

Some companies are willing to embrace the innovation and increased productivity brought on by these shadow IT technologies, while others frown upon it due to the increased security risks. 

The Solution?

The purpose of the shadow IT introduced to the company are primarily to increase productivity and ease of task management. The increased usage of shadow IT creates what is called a digital sprawl. This term means that there is an increase in incoherent application or software that is being used in the company. For example, employee A uses Application X to make their spreadsheets while employee B uses Application Y to achieve the same task. With an increase in the number of different applications used and the number of employees, the digital sprawl can easily become difficult to manage.

This digital sprawl raises data compliance issues and can potentially cost companies a lot. This also makes it difficult to govern the use of applications as well as maintain consistency in the company at the macro-level. High amounts of digital sprawl can mean lots of wasted time, effort, and resources for a company.

Governance and Leniency

In terms of a solution, the company should task the IT department to find technologies that they are willing to authorize that will also allow employees to effectively perform their duties. Then, governance of employees to use the standard application will increase company coherence across teams and departments in the company. 

If it proves too difficult a task to eliminate all shadow IT sources, then creating a technology filter is the best option. A technology filter is essentially where all employees must pass the technology they desire to use to the IT department. From there IT can either authorize the use of the technology or deny it. Making a limit to the number of unique services in the workplace is also important. This will minimize digital sprawl while also allowing the inventiveness and creativity of new technologies to enter. 

By recognizing shadow IT for the potential benefit, yet inherent risk that it is, it is easier to make the best decision for the company. Finding the right tolerance for shadow IT in the company is crucial for the security of information. For more information about shadow IT or IT in general, contact us.

Increase Patient Happiness with Patient Scheduling Software

Increase Patient Happiness with Patient Scheduling Software

As with other professions, many in the medical community are taking advantage of some of the benefits offered by advances in information technology. By doing so, these medical professionals hope to increase patient satisfaction, decrease patient wait times, and improve the accuracy of their services. In this article, we will discuss some of the newer features becoming available in software applications specifically designed for the medical industry.

Self-Scheduling Features 

More and more medical offices are allowing patients to schedule their own routine appointments online. Patients appreciate the 24/7 availability of scheduling an appointment, along with the ability to reschedule or cancel their appointment if necessary, through a secure portal. By allowing patients to schedule appointments, it frees up office staff to focus on patients with more complex medical issues.

Automate Patient Waiting List

Sometimes patients are unable to see their physician as quickly as they would like. In the past, many medical offices kept a manual wait list and would contact patients if a spot became available. New software applications can automate this process by sending out text messages to those on a waiting list. A patient can respond directly to the text and accept the newly available appointment if they desire. Automating the process helps reduce the chance that a physician has an open slot, and allows patients to receive medical care in a more timely manner.

Organized Scheduling 

Automated software applications can help create a more efficient scheduling process. These applications allow office personnel to quickly determine which providers are taking new patients, which insurances a provider may accept, as well as ensure appointments are scheduled in blocks of time rather than haphazardly scheduled throughout a provider’s day. By providing office staff with all the information they need, they can match patients with the necessary provider, process insurance information, and fill a provider’s schedule in an organized manner.

If you would like to know more about software applications for automating medical offices, please contact us.

Exactly How Old is Your Old Server?

Exactly How Old is Your Old Server?

While almost everyone can appreciate the value of a classic car, “classic” servers do not necessarily hold their value, especially when they decide to fail during a typical workday. Although very large businesses might have a spare server to fall back on, small businesses typically do not. To rely upon an old server, perhaps offering up a daily prayer that it will continue to run properly even though it is showing signs of age, is not a good business plan.

Why Servers Matter

When operating smoothly, servers run quietly and efficiently in the background of an organization. Most users don’t think much about or even see the server(s) they use — but they are the invisible workhorse(s) providing crucial functions for organizations. Servers allow employees to have internet access, they serve up corporate data in applications for viewing and updating, they allow employees to collaborate on group projects, along with many other critical tasks that employees must complete in any given workday. When a server functions properly, a business can function as well. If a company should experience server failure during a workday, it stops most, if not all employees from working altogether.

A Comprehensive Plan 

The best way to avoid receiving an unpleasant surprise from an old server is to prevent it from failing in the first place. Servers have become much to valuable for companies to have a “set it and forget it” attitude. Enlisting a managed service provider is the first step in taking a proactive stance to effectively managing vital technology hardware.

Managed service providers can monitor a company’s essential equipment and alert interested parties when they discern that older equipment needs replacement. MSPs also monitor equipment patches, ensuring that all equipment stays up to date in order to avoid the latest vulnerabilities. Professional managed service providers can also create an effective backup and data recovery plan to ensure that an organization’s data always remains protected no matter what.

If you would like to know more about protecting your organization’s hardware and software capabilities, please contact us.

Support for Windows 7 Ends as of January 14, 2020 – Mark Your Calendar

Support for Windows 7 Ends as of January 14, 2020 - Mark Your Calendar

Just like the end of Windows XP, which many of us loved, Windows 7 lifespan is coming to an end. It is imperative that your business is thinking about what you are going to do when Microsoft is no longer providing security updates. Without these updates’ your operating systems will be wide open to security risks and cyber attacks. You have almost a year before the expiration, so steps should be taken soon to defray any expenses which are incurred. Depending on how old your hardware is a budget adjustment may be necessary.

There a couple of upgrade choices to look into, and deciding which is the best option for your business takes careful consideration.

Machines utilizing Windows 7 operating systems can be upgraded to Windows 10. The laptop or tower must have a 1GHz or faster processor, memory needs to be at least 1GB RAM for 32-bit and 2GB for 64-bit with a minimum of 20GB hard disk space and an 800 x 600 screen video card. If your equipment is new enough and meets these requirements, then you can purchase the licensed Windows 10 Pro for $199.99. That is the price for each PC and laptop.

Microsoft Office 365 can be outright purchased or used on a monthly basis providing you subscribe for a full year, either choice provides free upgrades. There is a caveat, a limited number of users can be signed in at a time.

The last option is to purchase new machines with Windows 10 already installed. This may be the wisest choice due to the time between now and January. Budgeting for new purchases and beginning their acquisition soon will get your business past this crisis as well as updating some tired old equipment that may have seen better days. 

One thing is certain, technology is always changing, but Windows 10 will have extended support until October 14, 2025. So whichever upgrade option you decide upon, additional changes will not have to be made for quite a while.