Patch Management and GDPR
Poor Patch Management not only leaves your systems vulnerable to attack but it could also leave your business vulnerable to fines under GDPR regulations.
Patches, upgrades and replacements are regularly released for a range of software and operating systems, the announcement from Microsoft regarding the end of life of Windows 7 is a case in point.
In less than a year, Windows 7 will be considered an unsupported product, leading to software vulnerabilities as patches are no longer released. If you are running Windows 7 after this date then it could be considered that you are leaving your business vulnerable to a known risk.
Whilst playing a game of Russian Roulette with your IT functionality is an option for every business owner, playing with the security of your clients’ and suppliers’ data is a different story entirely. GDPR has been in force since May 2018, replacing The Data Protection Act. While many businesses have spent time and money on updating processes, procedures and documentation in relation to The General Data Protection Act, there has been an area that appears to have been regularly overlooked.
A key principle of the GDPR is that you process personal data securely by means of ‘appropriate technical and organisational measures’ – this is the ‘security principle’.
Patch management is one of the more straightforward layers of cybersecurity available to a business. The Government backed Cyber Essential Scheme (Launched in 2014) lists “Keeping your devices and software up to date” as one of 5 key areas to consider, others include securing your internet connections, securing your devices and software, and protecting against viruses and other malware.
So, if your business is running Windows 7 and you do not want to leave yourself exposed to software vulnerabilities or a potential ICO fine in the event of a breach, speak to us and we can provide you with a Device, Workstation and Software Health Audit of your business’ entire IT estate.
Our audit report can:
• identify missing patches
• identify antivirus and security issues
• provide an inventory of your IT hardware
• provide an inventory of your software
• provide a manufacturer’s warranty report