Hi Mark again,
All business managers and business owners should know the answer to this or question their IT staff to see if they have it in place. Even the most basic of security audits insist on this being in place. We are all familiar with term of patch management and Windows updates when it comes to Windows Operating Systems and the importance of these as they fix security vulnerabilities within the operating system, these vulnerabilities get publicised on the internet and hackers run scripts to identify these vulnerable machines.
It is important to keep on top of security updates. What consistently gets ignored is the fact that other software suffers the exact same problem, security flaws get highlighted and hackers exploit them. The other software I am talking about is the things we have on our PC’s as standard – Adobe Reader, Java, Firefox, Silverlight and whole host of other common software also needs security patching implemented on a regular basis. Most companies do not like throwing money at this kind of pro-active maintenance as they do not see anything for their money, however this is essential and if you want to promote your compliance with Cyber Essentials or any other Security Standard then you need this in place.
There are many solutions out there which are very expensive but do “Patch Management” fantastically. We highlighted this problem a long time ago and that business owners could not put a value on it as it was a cost that they did not see the point, what they failed to do is consider it an insurance policy that would protect them and their business. We struggled to find a way to get our MSP customers to put a value on it and so we decided to give it to all our MSP customers “Free of Charge” and we financially justified it by using the bulk buying power i.e the vast quantity we purchased would bring the price per PC right down and we then not only passed the saving on we actually absorbed the fee, removing the financial decision from business owners. We would also get a return on investment because we are pro-actively maintaining and so NOT re-actively fixing. Hope this explains the misunderstood problem of third party patching!