Elevate Your System’s Security with a Patch Management Program | RouteOne

Elevate Your System’s Security with a Patch Management Program

Category

Compliance
Security for DMS

Today’s dealerships contain a thriving ecosystem of technological systems designed to heighten the overall customer experience and optimize sales. 
These systems typically contain different but collaborative software packages.  As new vulnerabilities are identified or reported to the software vendor, updates or patches are released to mitigate issues. Keeping your system software updated continuously through a formal program helps lessen the likelihood of a successful attack. 


We know how vital system safety is for dealers. Security is a priority at RouteOne as well.  We’re consistently monitoring and improving our products and services for optimal performance. However, we highly recommend that your dealership create a program that will ensure you stay on top of the latest updates for all your software.  Here are some tips for building a personalize patch management program.   

Tips for Patch Management

  • Prioritize Inventory – Implement a process for formally identifying and documenting your hardware and software. The inventory list should include any software versions and hardware serial numbers which are regularly updated; this will assist with ensuring systems are updated over time as patches are applied.
  • Stay Current – Research the multitude of threat intelligence feeds that are hosted independently online or provided by vendors as a service offering, sometimes free of charge. These feeds will notify you of new vulnerabilities or release information for new patches. 
  • Create Policies and Procedures – Draft policies that outline how your patch management program should operate and what the expectations of the program are.  Document the procedure to accompany the plan and list the operational steps, including how a patch should be tested and applied, along with system validations. These documents should contain a frequency or “cadence” of patching by criticality (e.g., Critical, High, Medium, Low, etc.).
  • Test – Updates to software may introduce additional defects or cause systems to act in unintended ways. Any system patch should be tested on a designated test machine before installing on actively critical systems.
  • Audit – On a regularly scheduled basis, a review of the inventory and patching records should be conducted. This task will ensure that the inventory is accurate and systems are being patched within a timeframe in compliance with the program.

Conclusion
A large number of successful attacks today are attributable to the presence of unpatched systems and software. The addition of patch management to your comprehensive security program will help increase overall security posture. Though patching won’t diminish all risk associated with software vulnerabilities, it will minimize the attack surface to a reasonable risk level for your organization.  As part of an overall security program, view this short video we’ve created with additional tips for Dealer System Administrators to keep systems safe.