Best Practices for Credit Union Patch Policy and Managed Patching
Almost weekly, a new patch becomes available for one of your devices. And when that new patch is available, you have a couple of choices:
1. Download and install that patch, or…
2. Ignore it and hope nothing bad happens
If you’re in the latter camp, then please… stop what you’re doing right now, and start patching.
But how best to do it? In this blog, we’ll discuss credit union patch policy. Then, we’ll cover a few patching best practices that we’ve developed over our years of providing managed patching services for credit unions.
Credit Union Patch Policy
The easiest way for a hacker to get into any system is through a known exploit. Most security breaches in the last couple of years happened because known vulnerabilities went unpatched. If you value your data security, you need to stay on top of your patching.
But that’s not all. Aside from the commonsense aspect, patching is also required by the NCUA. They expect you to have a robust patching policy in place. Unless you want to flout NCUA regulations, you should stay up to date on your patches.
So, how can you stay up to date? How can you satisfy your basic cybersecurity needs and the NCUA’s regulatory requirements?
Credit Union Patching Best Practices
We at Ongoing Operations have been helping credit unions with their patch policies and requirements for years. We bring collective decades of experience to this aspect of information security.
Here are a few tips and best practices we’ve developed over the years.
1. Patch at least once per month
So many patches come out every month. Each patch addresses a weakness in your credit union’s security. Unless you feel that going months with unpatched vulnerabilities is a good thing, you should patch at least once per month.
If you do patch only once monthly, we recommend patching in the last two weeks of the month. That later patching window will ensure that you have time to detect and download patches from Windows.
2. Prioritize patching for Windows devices
Windows is ubiquitous. It’s easy to use and everyone has worked with it at some point or another. Unfortunately, “everyone” includes hackers. More Windows users means more Windows exploits.
Patch your Windows devices first. Fewer people target non-Windows devices.
3. Document your patching process
The NCUA will audit credit unions to ensure their patching process is secure and up to date. If you come prepared with patch reports in hand, the whole audit process will go much more smoothly. At Ongoing Operations, we also support credit unions with their patch-related audits.
(Side note: you may benefit from an audit checklist for credit unions.)
4. Be smart about what you patch
In a perfect world, there would never be any problem with patching. But the world is not perfect, and not all patches go down as smoothly as a nice single malt. Here’s what you can expect for 90% of all monthly patches:
· Critical updates
· Definition updates
· Security updates
· Updates
· Update rollups
10% of the time, patches are a bit trickier. These may require a bit more legwork. For example:
· Drivers
· Feature packs
· Upgrades (such as feature upgrades for Windows 10 and up)
· Third-party patches
All the above, especially with legacy software, must be handled with extra care. Improper patching may increase the risk of application or program errors.
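The split in tip 4 can be turned into a per-device report that also serves the documentation in tip 3. The script below is an added example, not Ongoing Operations' own tooling: it asks the local Windows Update Agent for pending updates, sorts them into a routine or review track by classification, and writes a CSV. The `Get-PatchTrack` helper, the track labels and the output file name are hypothetical, and the classification names are assumed to be the English ones Windows Update reports.

```powershell
# Added example: triage pending Windows updates by classification.
# Classification names follow the two lists in the article (assumed English names).
$Routine = 'Critical Updates', 'Definition Updates', 'Security Updates', 'Updates', 'Update Rollups'
$Careful = 'Drivers', 'Feature Packs', 'Upgrades'

# Hypothetical helper: decide which track an update belongs to.
function Get-PatchTrack {
    param([string[]]$Classification)
    # Anything in the "trickier" list wins, even if a routine class is also present.
    if ($Classification | Where-Object { $Careful -contains $_ }) { return 'Review' }
    if ($Classification | Where-Object { $Routine -contains $_ }) { return 'Routine' }
    return 'Review'   # unknown classification: handle with extra care
}

# Query the Windows Update Agent for updates that are not installed and not hidden.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates

# Build one report row per pending update.
$report = @(foreach ($u in $pending) {
    # An update carries several categories; keep only its classification(s).
    $classes = @($u.Categories |
        Where-Object { $_.Type -eq 'UpdateClassification' } |
        ForEach-Object { $_.Name })

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Checked        = (Get-Date).ToString('s')
        KB             = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        Title          = $u.Title
        Classification = $classes -join ';'
        Severity       = $u.MsrcSeverity
        Track          = Get-PatchTrack -Classification $classes
    }
})

# Keep the CSV as a dated record for the audit file, then show a summary.
$report | Sort-Object Track, Classification |
    Export-Csv -Path ".\pending-patches-$env:COMPUTERNAME.csv" -NoTypeInformation
$report | Group-Object Track | Select-Object Name, Count
```

Third-party patches do not appear in Windows Update results, so they need their own inventory alongside this report.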
More About Credit Union Device Patching
Hopefully, we’ve communicated the importance of patching, as well as a few best practices to keep your patching smooth. Still, patching is a big subject, and one small blog can’t cover it all.