Software Patching Best Practices – 18 Must Do Tips

There are many other benefits to applying software patches including in some cases adding features, fixing bugs that make the software run slow or not work right.  All software needs to be patched. Whether the software sits on a disk and runs on a server, resides on a chip within a firewall, or is an app that is in your tablet devices, it all needs to periodically be updated and patched in order to be secure.

The following list of 18 software patching best practices is what we follow at Alvaka Networks when delivering on our Patchworx(SM) Patch Management Service.  It is important to note that all these steps are important, but not always are all them utilized or they can be utilized in different ways depending upon the needs of the client. Like us, you will need to decide what your patch management plan needs to look like to best suit your needs.

18 recommended best practices for patching your software:

Software Patching Best Practices – 18 Must Do Tips2021-06-04T12:49:43-07:00

Why are Patch Management and Change Management Important?

Alvaka Networks has arguably the best and most sophisticated patch management process in the Orange County, Los Angeles County and possibly the US.  Not many firms can deploy vast quantities of patches to valuable high availability servers and PCs with smoke testing qualify control while following the sun globally during selected narrow service windows.

Change Management
Change management is vital to every stage of the patch management process. As with all system modifications, patches and updates must be performed and tracked through the change management system. It is highly unlikely that an enterprise-scale patch management program can be successful without proper integration with the change management system and organization.

Like any environmental changes, patch application plans submitted through change management must have associated contingency and backout plans. What are the recovery plans if something goes wrong during or as a result of the application of a patch or update? Also, information on risk mitigation should be included in the change management solution. For example, how are desktop patches going to be phased and scheduled to prevent mass outages and support desk overload? Monitoring and acceptance plans should also be included in the change management process. How will updates be certified as successful? There should be specific milestones and acceptance criteria to guide the verification of the patches' success and to allow for the closure of the update in the change management system....

Why are Patch Management and Change Management Important?2021-01-27T21:42:49-08:00

40% of Hospitals Self-Declared as Struggling Financially Due to IT Problems

94% of the surveyed hospital CFOs self-identified as “struggling”, report that delayed or failed implementations in other IT systems, particularly EHR, have drastically impacted the organization’s financial position.” 

That is what is says in the third sentence of a  fascinating press release I just read  from healthcare market research firm Black Book Market Research.  The press release goes on to cite a number of other statistics from their research including stats that many healthcare CFOs are expecting to lose their jobs by 2016 and that there will be a trend to start hiring CEOs from outside healthcare.

I have witnessed some of the reasons for the IT troubles at healthcare companies: 

·         Healthcare companies on the whole have been laggards in adoption of fresh information technologies.

·         IT personnel at most healthcare organizations themselves are behind the curve on...

40% of Hospitals Self-Declared as Struggling Financially Due to IT Problems2015-01-20T04:16:44-08:00

Happy Hanukkah, Merry Christmas a Happy New Year to All of You

Thank you so much for all your support in 2014.  We are already planning for 2015.  Many of you may have already gotten calls from me as I contact you to get feedback on a set of 10 questions I [...]

Happy Hanukkah, Merry Christmas a Happy New Year to All of You2014-12-23T23:04:11-08:00

Bonus Depreciation Was Just Raised to $500,000 for 2014

We wrote to you three weeks ago to remind you of your $25,000 for tax deduction and bonus depreciation on certain IT and other assets.  We have a news flash, the senate just passed a bill to raise that accelerated [...]

Bonus Depreciation Was Just Raised to $500,000 for 20142014-12-18T18:59:12-08:00

What nineteen audiences in twelve months taught me?

Navigating Fear in the Security and Compliance World

In advancing technology it is fear of having a project go sideways, over budget or fail to accomplish the stated objective that has many frozen. What if that technology we recommend doesn’t work as we hope? What if it is something required by law (such as encryption in healthcare) that we fear an unknown outcome so much that we won’t act? What if we miss a key component of a project or underestimate the effort required and the entire project goes over our budget?

What nineteen audiences in twelve months taught me?2014-12-17T23:02:14-08:00

Senate Passes Retroactive Tax Relief Under Section 179

This is one time you may want to make a quick call to your accountant, then order up some of those infrastructure items you are putting off. A bill known as “tax extenders” if signed by the president will reinstate Section 179 tax [...]

Senate Passes Retroactive Tax Relief Under Section 1792014-12-17T22:47:22-08:00

How Can An IT Security Breach Cost Me My Job? The Sony Pictures Case

I don’t normally give a moments notice to stuff that goes on in Hollywood, but the story “Future of Sony's Amy Pascal questioned after hacked email revelations” caught my attention because of the cyber security aspect involved.  So often I hear executives say something similar to “I don’t worry about our security because we don’t have anything anyone would want to hack into.”

That complacent assessment is wrong as most everyone knows since today nearly all hacking/security breach incidents are the result of indiscriminate malware that scans the Internet searching for vulnerable systems.  When that malware finds a vulnerable system most of them run automated code that looks for passwords, bank account information, encrypts data for ransom, etc.

In this particular case a ton of data was stolen and released.  The implication for Sony Pictures Co-Chairman is that her personal e-mails were....

How Can An IT Security Breach Cost Me My Job? The Sony Pictures Case2020-01-06T20:27:56-08:00

Why Will My Company be Listed on the HHS Wall of Shame?

6 Reasons Organizations Fail to Encrypt ePHI

The drumbeat of HIPAA breaches in the media is incessant, and the refrain is the same: yet another PC containing electronic protected health information is stolen, so the organization is compelled to notify patients, Health and Human Services, and the media.  The Office of Civil Rights swoops in, levies a 7 figure fine, and posts the offender on the HHS “Wall of Shame”, resulting in a damaged reputation and loss of future earnings.

Ironically, had the PC’s hard-drive been encrypted, the loss would have been a non-event, unreportable given the Safe Harbor provisions of HIPAA.  And inexpensive encryption technology has been readily available for years.  Yet, 538 or 46% of the 1,171 Breach Notifications posted on the Wall of Shame stem from the simple loss of a computer with an unencrypted hard-drive.

So, if it is so obvious how to correct the deficiency that single-handedly accounts for the most frequent HIPAA Breach Notifications, why don’t more organizations properly encrypt and protect the ePHI entrusted to them?  Here are the six most common reasons we discover during our risk assessments …

Why Will My Company be Listed on the HHS Wall of Shame?2014-12-08T18:10:15-08:00