Information Security Best Practices: Software Updates and Patches

What’s your stance when it comes to patch management? Do you require patches and upgrades to be implemented immediately? Are you sure you’re actually doing what your policy says?

Random checks to confirm you are following your own rules is the best way to monitor the activity.

If you’re scratching your head at my use of the phrase “patch management”, understand that if you don’t keep up to date on your system patches and upgrades, you leave yourself wide open for the most basic of hacks. If you never update, your vulnerabilities are exponentially increased. Your best practices Information Security Program should clearly document your patch management procedures and frequency of the updates.

Information Security Best Practices: End User Acceptable Use Guidelines

Your policy should contain specific language detailing what employees can do with “your” workstations. While we hope that all company property is used for company purposes, this just isn’t the case in real life. Instruct employees as to what is considered business use and explain the risks of downloading games or using tools like instant messaging.