Patching and Timely Updates Shield SMBs from Ransomware Rampage

Over the years, we have all grown accustomed to Patch Tuesday. Microsoft schedules the release of security updates on "Patch Tuesday," the second Tuesday of each month at 10:00 AM PST. For the longest time, this was considered more of an annoyance than something someone followed. Organizations need to pay attention to this and build proper programs to ensure patching is accomplished quickly and purposefully. The main reason behind that now is Ransomware.

Ransomware first became noticeable in 2005, but the history of ransomware goes back to 1989 when the PC Cyborg Virus was passed over a floppy disk that demanded the system owners send a $189 check to a P.O. box in Panama to restore access to their systems. Since then, Ransomware has evolved into a complex business that prevents users from accessing their systems by encrypting the system until the user pays a ransom. The newest trend in ransomware is known as Ransomware as a Service (RaaS). RaaS is a new business model connecting ransomware operations and affiliates that would pay operators to attack organizations they wish. With all these bad actors out there, SMBs need to do what they can to ensure these actors do not gain access to your systems, and patching is your first line of defense.

Patches get released from Microsoft at least once a month, and SMBs must stay on top of it. The first step is downloading all your desktops and laptops and installing Microsoft monthly patching. Next would be looking at the servers. Additional research must happen before you install the patches on servers to ensure that the patch will not negatively affect the system, which could disrupt your business. The next step to look at is all of the third-party patching. A third-party application is software installed on a system that is different from the operating system manufacturer; examples of this would be Adobe Acrobat Reader DC, Adobe Photoshop, Google Chrome, Google Drive, WinZip, TeamViewer, Evernote, and Zoom. This step can be a little more complicated depending on the amount of third-party software allowed on your systems. Your organization must review all the software and determine what is outdated and needs patched.

If your organization is resource-constrained, Soaring Eagle Data Solutions is here to help. We can assist in developing a comprehensive patching program and a robust vulnerability management plan, ensuring your systems are protected.