Why Don’t IT Departments Fully Patch Their Environments?

The failure to fully apply security updates (patches) to operating systems and software applications is the leading cause of cybersecurity compromise. A recent survey by Ponemon Institute of over 3,000 organizations found that half had experienced a cybersecurity breach in [...]

2020-03-27T17:28:15-07:00

To patch or not to patch? And what is patching anyway?

If you own a computer, it is very likely you know something about patching, or updating, software. First, this is different from upgrading, which usually means a developer of software has added new features or made significant changes to the [...]

2020-02-04T01:51:36-08:00

I Am a Non-Technical Executive: What Seven Things Should I Be Asking My IT Guys About IT Security?

Irvine, CA - Overseeing IT and security is a daunting task, even if you are an IT professional. If you are an executive to whom IT reports, then the task becomes nearly impossible. The following list of questions is designed to empower you to have a meaningful discussion with your IT team so you can be an informed and responsible manager pursuing your due diligence role in protecting the assets of your firm. If you are an IT professional, these are questions you should be prepared to answer.

1. Q. When did we last do a risk assessment? Please share that document with me. I would particularly like to see the Risk Assessment Table.

A. Make sure your IT team is periodically assessing the risks to your IT systems. They should be recommending upgrades and new solutions for you from time to time, and you should be listening. They need to be able to express the threat in operational and economic terms in order to justify the expenditure. If your team can’t give you a clear and coherent answer on when and how they last did this, send them off with a task and a deadline.

2. Q. When did we last do a Vulnerability Scan? What were the results of that scan? I would like to see the report. Who did the remediation? When is our next scan planned?...

2021-01-28T18:23:01-08:00

Oli’s Top Five Computing Threats for the Second Half of 2015

I was recently asked to be part of a webinar moderated by Elliott Markowitz, The VAR Guy.  Elliott wanted me to share my thoughts on the top threats facing small to mid-size businesses.  My answer is not scientifically derived, but based upon what I am seeing most often in the past two years of IT and security management in my world.  I am seeing the top threats from these five areas:

1. Ransomware – Organized crime groups that encrypt all your important files and hold your data hostage until you pay....

2023-08-11T01:19:23-07:00

Software Patching Best Practices – 18 Must Do Tips

Applying software patches has many other benefits, including, in some cases, adding features and fixing bugs that make the software run slowly or not work correctly. All software needs to be patched. Whether the software sits on a disk and runs on a server, resides on a chip within a firewall, or is an app on your tablet devices, it all needs to be periodically updated and patched in order to be secure.

The following list of 18 software patching best practices is what we follow at Alvaka Networks when delivering on our Patchworx(SM) Patch Management Service. All of these steps are important, but they are not always all utilized, and they can be utilized in different ways depending upon the needs of the client. Like us, you will need to decide what your patch management plan needs to look like to best suit your needs.

18 recommended best practices for patching your software:

2024-03-13T23:55:47-07:00

Why are Patch Management and Change Management Important?

Alvaka Networks has arguably the best and most sophisticated patch management process in Orange County, Los Angeles County and possibly the US. Not many firms can deploy vast quantities of patches to valuable high availability servers and PCs with smoke testing quality control while following the sun globally during selected narrow service windows.

Change Management
Change management is vital to every stage of the patch management process. As with all system modifications, patches and updates must be performed and tracked through the change management system. It is highly unlikely that an enterprise-scale patch management program can be successful without proper integration with the change management system and organization.

As with any environmental change, patch application plans submitted through change management must have associated contingency and backout plans. What are the recovery plans if something goes wrong during or as a result of the application of a patch or update? Also, information on risk mitigation should be included in the change management solution. For example, how are desktop patches going to be phased and scheduled to prevent mass outages and support desk overload? Monitoring and acceptance plans should also be included in the change management process. How will updates be certified as successful? There should be specific milestones and acceptance criteria to guide the verification of the patches' success and to allow for the closure of the update in the change management system....

2021-01-27T21:42:49-08:00

Expect a Big Microsoft Patch Tuesday on February 12th

Microsoft is releasing 12 patches on Tuesday for a near record 57 vulnerabilities. This release is only bested by the 64 vulnerabilities of April 2011. Five of the patches are critical. Two of those five are for Internet Explorer versions 6, [...]

2013-02-11T23:01:00-08:00