“Failing to patch vulnerabilities now will lead to punishment under the GDPR” is the message from the UK IT Governance Department. You might think it’s a scare tactic, however in reality it’s a practical takeaway for businesses, to ensure patching is considered as part of their GDPR requirements.
Is Patching a GDPR Requirement?
While the General Data Protection Regulation (GDPR) isn’t explicit about how you must protect customer data, there are a few basic technologies you should put in place. Patch Management is one of those– with the ICO’s statement an acknowledgement of this.
The 88-page document from the European Commission makes it abundantly clear that both data “controllers” and “processors” must protect EU customer information through “appropriate technical and organisational measures.” And failure to do so could result in penalties.
Why Is Patching Important?
Staying up-to-date with patching is crucial to preventing data breaches. The WannaCry and NotPetya ransomware attacks are a classic example of the severe consequences of missing critical patches, as fixes were available for both before the attacks happened. AND When it comes to GDPR, a lack of patching could be seen as negligence.
Don’t Be the Next Carphone Warehouse…
In 2015 Carphone Warehouse was issued with one of the largest fines by the ICO as the result of a data breach. One of the key points in the report highlighted that the company failed to secure the system which resulted in loss of personal data of over three million customers. Something that patch management could have prevented.
The Information Commissioner said, “A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks.”
What Does Patching Do?
An effective Patch Management solution will fully automate the patch management life-cycle for desktops, laptops and servers by identifying, testing & deploying operating system as well as 300+ third party application service packs, security fixes and patches daily.
For SME’s, manually searching for and applying software patches is a manual and time-consuming task. Patch management overcomes this challenge and automatically handles the update process for every node on the corporate network.
Really, it should be a part of every IT manager’s arsenal. Nowadays, even minor software bugs can lead to major headaches so the importance of implementing a regular patching schedule can’t be underestimated!