To Start Your Security Program: Don't be Like Andy
My boyfriend (we’ll call him “Andy”) has almost lost his mind over how much money he’s spent on upkeep to the house recently. Last year he replaced the roof, ousting the squirrel family squatting in our attic. This year he replaced the deck, the siding, the washer and dryer, the dishwasher, the flooring in the daylight basement, miscellaneous plumbing and the fan in the bathroom (which offered insight into the roofers’ shortcuts, so now we have to get roofers to come back out and put a proper vent in). Next year the fireplaces will have to stop being ignored and the kitchen cabinets do keep falling down.
Your technology is similar. If you started building your business 10 years ago and have not updated or patched your OS, libraries or hardware, you are vulnerable. And unlike water coming through the roof or squirrels living in your siding, you may have squatters waiting to hijack your environment in order to mine Bitcoin, hit your company with ransomware or steal food from your birdfeeder.
Do a simple Google search on why patching is important and you’ll find a multitude of articles and listicles that all boil down to: “Because, security.” And it’s true. Ransomware is on the rise and leverages unpatched systems (from NotPetya to WannaCry). Equifax’s major breach was caused by not patching (and poor communication in their executive suite). Unfortunately, patching always seems like something that could be put off for another day.
Andy was the same way when his car needed an oil change, regular maintenance, or God forbid a tire rotation. I would have to do all the scheduled upkeep for him lest the engine block seize up or the tires explode. But now that he is leasing a car he has no qualms about spending the time and money on maintenance. Does he care more about the leased vehicle than about the car he owned? Nope. Andy doesn’t care about cars at all. The only difference is that maintenance is part of the deal when you sign a lease, so it doesn’t feel like an extra expense or something he could put off indefinitely.
Your business is the same, and maintenance is part of the deal. I am often surprised by the lack of basic vulnerability management (aka patching cycles) at companies. Like Andy with his oil change, companies think of it as something they will get around to someday. Or like Andy with bald tires, something they can put off until there is a critical need. Or like Andy with the roof, something that can be delayed until the squirrels start opening lines of credit in his name.
If Andy had done regular maintenance on the house, the expenses and hassle would have been spread out over 20 years. The deck probably would have lasted another decade if he’d weatherproofed it even one time. And though the roof would have still needed replacing, he could at least have made some rent off the squirrels. Instead, he’s had a year of misery and ballooning expenses.
So be like Andy and his car lease instead—protect your investment by patching and updating as a part of regular maintenance. Build it into your regular processes. Automate it through any of the many tools on the market. Patching is a basic function of IT, a function of being a company in 2019, and a good first step to building security into your business.
Sr. Account Executive at CompuNet, Inc
5y: Thanks for the fun, entertaining article! I feel like I need to take Andy out for beers to console him for the public flogging (lol!)...hopefully he's a good sport.
Leading Technology and People into Seamless Integration to Build a Better World for Patients and Those Who Care for Them.
5y: Question though. How does “Andy” feel about being a security lesson?? Lol
Leading Technology and People into Seamless Integration to Build a Better World for Patients and Those Who Care for Them.
5y: I’m astounded people think patching can wait.
Freelance Writer at Self
5y: delayed until the squirrels start opening lines of credit in his name. We've all been there!
Oregon Construction Lawyer (503) 349-9878
5y: Well said