Every so often, a new patch becomes available for one of your devices. (Okay, we kid—new patches are constantly available.) And when that new patch is available, you have a couple choices:
Do you download and install that patch? Or do you ignore it and hope it takes care of itself?
If you’re in the latter camp, then please… stop what you’re doing right now, and start patching. Failing that, stop what you’re doing and call someone to help you start patching. It’s critically important.
But we don’t want to make you start patching without giving you an idea about how. In this blog, we’ll discuss a little about credit union patch policy. Then, we’ll cover a few patching best practices that we’ve developed over our years of providing managed patching services for credit unions.
Credit Union Patch Policy
Remember a couple of paragraphs ago when we mentioned patching being “critically important?” Ahh, we were so young back then. But “critically important” isn’t just scary language with no teeth. That bark has bite.
The fact of the matter is that the easiest way for a hacker to get into any system is through a known exploit. Most security breaches in the last couple of years happened because known vulnerabilities went unpatched. If you value your data security, you need to stay on top of your patching.
But that’s not all. Aside from the commonsense aspect, patching is also required by the NCUA. They expect you to have a robust patching policy in place. Unless you want to flout NCUA regulations, you should stay up to date on your patches.
So, how can you stay up to date? How can you satisfy your basic cybersecurity needs and the NCUA’s regulatory requirements?
Credit Union Patching Best Practices
We at Ongoing Operations have been helping credit unions with their patch policies and requirements for… well, it feels like a hundred years. In terms of years of collective experience, that may very well be true.
Our credit union patching best practices are thus a product of our experience patching for others. You could say that makes them managed patching best practices. Nevertheless, the basic tenets are fairly universal.
1. Patch at least once per month
Like we hinted at the top of this blog, so, so, so many patches come out every month. Each patch represents a weakness in your credit union’s security. Unless you feel that going months with unpatched vulnerabilities is a good thing, you should patch at least once per month.
If you do patch only once monthly, we recommended patching in the last two weeks of the month. That later patching window will ensure that you have time to detect and download patches from Windows.
2. Prioritize patching for Windows devices
Windows is ubiquitous. It’s easy to use and everyone has worked with it at some point or another. Unfortunately, “everyone” includes hackers. More Windows users means more Windows exploits.
3. Document your patching process
The NCUA will audit credit unions to ensure their patching process is secure and their patching process is up to date. If you come prepared with patch reports in hand, the whole audit process will go much more smoothly. At Ongoing Operations, we also support credit unions with their patch-related audits.
(Side note: you may benefit from an audit checklist for credit unions.)
4. Be smart about what you patch
In a perfect world, there would never be any problem with patching. Ever. But the world is not perfect, and not all patches go down as smoothly as a nice single malt. Most patches are pretty standard fare:
- Critical updates
- Definition updates
- Security updates
- Update rollups
These patches make up around 90% of all monthly patches. Still, there’s another 10% that tend to be trickier. For example,
- Feature packs
- Upgrades (such as feature upgrades for Windows 10 and up)
- Third-party patches
All the above, especially with legacy software, must be handled with extra care. Improper patching may increase the risk of application or program errors.
More About Credit Union Device Patching
Hopefully, we’ve communicated the importance of patching, as well as a few best practices to keep your patching smooth. Still, patching is a big subject, and one small blog can’t cover it all.
Subscribe to our blog to learn more about patching for credit unions. Or follow the links below to see what else we’ve written about lately.
Or, if you think you might benefit from offloading your credit union’s patching requirements…