Organisations have been advised to test the applicability of patches before they are installed.
In the fourth guide of Network Box's ‘Forgotten Security’ series, the company advises IT teams to revisit their updating procedures to ensure that they cover not just software, but also equipment such as routers.
The guide advises companies to assess the risk of installing an update that is not relevant and offers a checklist for IT teams to use as part of the update process.
The checklist covers checking whether patches are provided by the system vendor, choosing a patch that is compatible with the company's systems, and deciding how and when to test the patch, with the option to roll back if a mistake has been made.
The guide concludes with a buyers' checklist: questions that should be asked of any vendor at the point of buying a system, service or device. These include how easy the system is to update, what the vendor does to make customers aware of any issues, where fixes can be downloaded and installed, and whether the system can be rolled back to its previous state after installation.
Simon Heron, internet security analyst for Network Box, said: “This year, we've seen a number of hospitals fall victim to Conficker many months after patches were made. If the proper updates had been done, their systems would have been immune to the infection. Vulnerabilities in routers that haven't been updated properly could lead to denial of service attacks, for example.
“Patching and updating security is vital. But if it is done carelessly, it can cause severe problems. So many security flaws are caused by ‘forgotten security’ processes, hence our series of guides.”