It’s not just your tech team who plays a leading role in keeping your company safe from cyber attacks. Every team member must do their part to keep the company’s networks and devices safe for use—including updating their software. Ignoring company emails and notifications to update software causes further delays and possible complications for the company as a whole.
To mitigate this issue, we asked members of Forbes Technology Council to share one practical way to get your team on board with regular software updates. Here’s what they recommend.
1. Remote Updates
We partner with a third-party IT service that frequently pushes updates via remote connection. There is still the indeterminable factor of whether or not employees will remember to leave their computers plugged in and awake throughout the night to be able to do it, but it’s proven way more effective for us than before. – Christy Johnson, AchieveIt
It’s not fair to ask humans to take the burden here. You need a solution that automatically accesses configurations of data and storage systems and checks for vulnerabilities, violation of industry best practices, ransomware guidelines and noncompliance with regulations. It informs IT teams of violations and how to repair them in order to close the security gaps that put critical data at risk. – Gil Hecht, Continuity Software
3. Off-Hour And Weekend Scheduled Updates
When an update means the difference between a secure system and a vulnerable one, data-security teams should not leave it up to employees to complete the task. Instead, configure the software to update automatically. For the users’ sake, schedule updates for off-hours or weekends, give ample notice and instruct them to keep devices plugged in and connected to the internet. Problem solved. – Ron Cogburn, Exela Technologies
4. Specific, Personalized Scenarios To Demonstrate Risk
A big irony in security is that the more critical a system is, the less likely it is to be patched well! To keep critical systems available, teams often deprioritize security. While security is abstract, an unavailable system is tangible and immediate. Security teams need to make the risk real so downtime seems necessary. Provide specific, personalized scenarios for why the action matters. – Mike Lloyd, RedSeal
5. Network-Access-Control Technology
Software updates are known to be important but are not always prioritized by employees. Additionally, the proliferation of devices has created an urgency to improve visibility and ensure updates happen regularly. Network-access-control technology provides critical visibility to see what is connected to networks and deny unpatched or not-up-to-date hosts from using the network with automated responses. – Michael Xie, Fortinet
6. Managed Software Center
One of the biggest threats to the cybersecurity of any company is unsanctioned software installments. By managing the list of software tools that your employees can and cannot install you are disabling the outside virus attacks while at the same time giving your employees just enough room to make their own decisions about what kind of software they need on their computers. – Daria Leshchenko, SupportYourApp Inc.
7. Clearly Displayed Warnings
Educate your users on the importance of software updates by ensuring they understand the consequences and risks of out-of-date software to the business as well as to them. Many people perform personal activities such as banking or online shopping on company computers. Encourage them to keep software up-to-date by displaying warnings when they connect to company servers or access the internet. – Jesse Stockall, Embotics Corporation
8. Cataloging Open-Source Software
Having employees regularly catalog an organization’s open-source inventory is a key strategy for staying on top of vulnerabilities. This gives the cybersecurity team visibility and control over the applications running across the network. The team can then vigilantly track security fixes, monitor the patch statuses of each component and apply updates to minimize risk exposures in a timely manner. – Christopher Yang, Corporate Travel Management
Turning the update from a must-do to a teamwork-building exercise is one way to help adoption. The team that has the greatest adoption or is the first to 100% adoption wins a small prize—even just recognition can be a powerful motivator. Making the executives their own team also helps, as most of the other teams will likely update faster to have bragging rights over the boss. – José Morey, Liberty BioSecurity
10. Slack Reminders
An easy way to get your entire team to keep their software updated is by sending out reminders. For example, when we wanted our remote employees to set up two-factor authentication, we sent out a company announcement asking them to do so and put a due date on completing the task. Then, we sent out regular reminders on our company Slack channels. You can do the same with software updates. – Thomas Griffin, OptinMonster
11. Regular Security-Awareness Communications
The risk of vulnerabilities and the importance of patching endpoints should be discussed with employees on a regular basis. This can be done through periodic security-awareness communications. Where automated patching solutions are used, employees should have the option to defer the installation of patches outside of business meetings. – Simon Biddiscombe, MobileIron
12. Encouraging Security Updates For Their Home Devices, Too
Whenever I want to ensure users do something good, I educate them on a personal level. It’s not about the company, it’s about them. They should run software updates at home, and I inform them how outdated software is a risk to their family’s security and privacy. Things like that then trickle into company life when auto-updates or configuration-management practices force culture changes on users. – Jason Christopher, Dragos
POST WRITTEN BY
Expert Panel, Forbes Technology Council
Successful CIOs, CTOs & executives from Forbes Technology Council offer firsthand insights on tech & business.