Skip to content
Archived content. You are viewing v1 of SME Digital Advisor — the original multi-section site (risks, scenarios, policies, OWASP, flashcards). Go to current site →

Patching & vulnerability management

Are you running months-old, patched-everywhere-else software?

Background

Most ransomware uses vulnerabilities patched months earlier.

Questions to ask yourself

  • How often is our laptop fleet patched?
  • Are servers patched within 14 days of a critical update?
  • Are network devices (firewall, router, NAS) updated?
  • Do we know what software is past End-of-Life?
  • Is patching a person's job?

What you can do today

Make patching a habit

Three steps.

  • 01Set Windows Update / macOS Update to automatic on all laptops.
  • 02For servers and network kit, agree a patching cadence with your IT supplier in writing.
  • 03List software past End-of-Life (Windows 7, Server 2012 R2 already out; Server 2016 by October 2027). Replace, segment, or accept the risk with a date.