Don’t Put All Your Baskets In One Egg And Expect A Tiger To Hatch – Security Updates

Strengthening Cybersecurity Through Effective Change Management in Mental Health Practices

Yeah, that title is exactly what was intended!

Almost everyone who reads this post will recognize at least part of the reference to the old saying, “Don’t put all your eggs in one basket,” but some might not. It means don’t rely on one thing or plan on one event to solve a problem or make your money go further. Invest in different places with different modes of return so you are less likely to lose everything you have put in.

The tiger, well, that’s a reference to security and protection. No, don’t hire a tiger to guard your data. They eat way too much and sleep most of the time. The same is true when it comes to cybersecurity. If you do only one thing to secure your systems or data, they will likely be exposed in another way you haven’t thought about or planned for. This is why you sometimes hear the phrase “layered defense.” If you have read other Northstarr blog posts, you will notice many topics related to various ways to secure your organization against breaches – guards, heating/ventilation/air conditioning (HVAC), training, etc. Even things like insurance come up here and there.

Each security method is just a part of the overall planning and implementation required to ensure your organization is the last one anyone wants to mess with.

This leads us to the actual topic of the post: security updates.

Understanding Security Updates

Security updates are programmatic changes made to the applications, hardware, and operating systems you use daily to manage your business and to gather, store, and use data to make a profit or accomplish a goal. The updates almost invariably come from the creators of the applications or hardware, so you are likely to believe that they end whatever problem they were meant to remedy.

However, this is only sometimes the case, and you should never trust that it is the end of the problem for several reasons.

The Role of Updates in Security

Updates are meant to add functionality, improve your experience using something, or address security issues. But the actual security you wish to see enhanced may need more of your attention than the update implies.

An example of what we are talking about is a settings decision related to a recent update by Microsoft. Recent updates to some of Microsoft’s products allow you to make your systems more secure, but YOU must make the changes. Some of the added or changed settings enable you to close a potential security vulnerability, but unless you change those settings, they are ineffective.

The Need for Proactivity in Security Updates

Think of it like adding a lock to your front door. Yes, it improves your ability to secure your home, but if you don’t lock it when appropriate, it is just a bunch of metal and an expense that does nothing for you.

So, what should you do when an update becomes available? Should you just install it and hope? Or is there another, more effective way to go about this task?

Change Management in IT

If you work for an organization that uses computing systems and connects to a network or the internet, you probably also have someone who handles IT and/or cybersecurity for you. That person or team may work directly for the organization or for an outside IT provider. Either way, they should be knowledgeable enough about what they do to know that changing something can have unintended consequences.

Change management is a set of procedures that, when implemented and followed, reduce problems by ensuring that the changes accomplish their intended purpose without causing undue stress to the systems and personnel that use them. It describes requests, decision-making, research, and implementation procedures.

Change management is crucial because it allows all involved parties to have input into anything that might affect them or their work. It puts all the options “on the table” for discussion so that they can be used, modified, or discarded.

Northstarr Recommendations

  • Establish a formal change management process within your organization.
  • Regularly educate and train staff on the importance of security updates and change management.
  • Test updates in a controlled environment before full implementation to identify potential issues.
  • Develop a rollback plan to revert changes if they adversely affect your systems.
  • Document all changes and communicate them effectively across the organization.
  • Continually monitor and review the change management process to ensure it evolves with the changing security landscape.

To find out more about how we can help, visit our website or give us a call at (888) 767-2210 to set up an appointment. We look forward to meeting with you!