A woman with short dark hair sits at a table an open laptop. She has her head resting in one hand and a smile on her face. On the table around the laptop are some papers, a pen, and a notebook. A potted succulent plant sits on the table closer to the viewer, in the foreground.
When downloading a security patch, make sure you use a secured private network, such as your home or office WiFi. — Getty Images/Westend61

Security patches are software and operating system updates that aim to fix security vulnerabilities in a program or product. These updates literally “patch” a hole in your defense, preventing a hacker or piece of malware from exploiting a way into your network.

Security patches are often sent as push notifications from the tech companies that administer your operating system (macOS or Windows), email and web applications, and any firmware you have installed on your devices.

Patching is an important practice to protect your company against malware, ransomware, and hacking attempts. The Cybersecurity and Infrastructure Security Agency (CISA) recommends applying relevant patches to your devices as soon as possible to avoid putting your business at risk.

Why are security patches important?

Earlier this year, Apple released its first ever “rapid security” patch to quickly fix security vulnerabilities that were active and posed significant risk to its customers. Customers received very little information beyond the alert, which encouraged iPhone, Mac, and iPad users to install the update as soon as possible.

While at the time Apple did not disclose specifics about the security issue, more details were released that conveyed the severity of the vulnerability. “One of the security issues might disclose sensitive user information to a third party, and the other issue could allow a third party to execute commands on your device without your knowledge,” wrote CNET.

Apple’s rapid security patch was a first for its customers, but these security patches are a normal part of updating your OS. Most security patches are deployed as a part of a larger software update package, which can also include new features and bug fixes.

The Ponemon Institute found that nearly 60% of data breaches could have been prevented by better patch management. Updating your software — whether through a rapid alert or regular software updates — can help keep your valuable information secure against the evolving threat landscape. These software updates not only help your cybersecurity, but also your compliance.

“Regulatory frameworks such as the PCI DSS require organizations that handle sensitive data to keep their assets patched at all times. As a requirement for regulatory compliance, security patching safeguards these organizations from cybersecurity threats that target specific data environments,” wrote RSI Security.

[Read more: 11 Things You Can Do Right Now to Protect Your Business from a Ransomware Attack]

Make sure that you only download software updates from trusted vendor websites.

The Cybersecurity and Infrastructure Security Agency (CISA)

Security patch best practices

Some patches are automatic, while others need to be installed manually.

Automatic patches are ideal, but you may need to configure your device, software program, or app to push updates automatically. These patches often require user or administrator consent when installing the software; when you set up a new tool or platform, make sure you tick the box giving approval for automatic updates.

Manual updates require your security administrator to visit the vendor's website to download and install software files. CISA cautions small businesses to only download updates from reputable sites. “Make sure that you only download software updates from trusted vendor websites. Do not trust a link in an email message—attackers have used email messages to direct users to websites hosting malicious files disguised as legitimate updates.”

Finally, be thoughtful about where you download your security patch. Unsecured networks, such as public WiFi at a coffee shop, can put your system at risk. Only download security patches from trusted network locations, such as your home or office. Or, if you do need to install a patch on a public network, use your VPN to create a private connection.

[Read more: Security Guide: Keeping Your Business Safe Online and Off]

CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.

CO—is committed to helping you start, run and grow your small business. Learn more about the benefits of small business membership in the U.S. Chamber of Commerce, here.

Published