The COVID-19 crisis has forced companies to transition overnight to a fully remote work environment. Unfortunately, many have been caught completely unprepared with software and tools that simply weren’t ready for this new normal.
Now that it looks like we could be in it for a relatively long haul, we can’t simply limp through like it’s a short sprint. IT teams must implement systems to keep remote endpoints running smoothly and securely for the foreseeable future.
Software update management is a critical component in endpoint performance and security. When the operating systems and programs users rely on every day go outdated, it leaves not only the individual devices but the entire network, vulnerable. And, cybercriminals are already taking advantage, using COVID-19 phishing scamsOpens a new window to plant ransomware, trojans and data-stealing malware on endpoint devices.
The problem is, many IT teams can’t even get access to remote devices to see what needs an update, let alone to deploy one. Not to mention, internet bandwidth is being stretched very thin, which means downloading heavy updates and patches can be a slow process. And, it’s all about to get worse with a bi-annual major Windows update likely coming in May.
Get a handle on software updates in the new remote work environment with these 7 tips:
- Establish standards: There’s a good chance there’s a lot of software out there in the wild that’s unnecessary or going unused. Not everyone needs access to everything. Establish standards for who needs access to which software and which version is considered current. Standardize on an operating system (preferably Windows 10 for its added security) and bring those devices and those software installations into compliance.
- Set a policy on accepting updates: When employees are managing their own devices, oftentimes users will ignore or delay updates out of fear they could have an impact on usability, or they just don’t want to take the time. They don’t realize how out-of-date devices directly impact the entire company’s security posture. Communicate clearly why updates must be a priority and address the immediate need by setting a policy that forbids users to refuse updates. Provide instructions or tips on how to set updates to take place during downtime, and make sure employees have a way to reach out to IT in the event something goes wrong.
- Schedule updates: With many employees sharing bandwidth with roommates, spouses, and kids, both our infrastructure and home Wi-Fi signals are tapped out. That makes downloading large software patches and OS updates extremely time-consuming and frustrating for the individual user and everyone else sharing the signal. Mitigate the bandwidth shortage by scheduling updates to download and install during off-peak hours. Ask employees to leave their laptops powered up overnight, so that critical security patches and other maintenance can take place without interrupting their productivity.
- Offload traffic from the VPN: One of the biggest challenges around limited bandwidth is that the corporate network can only handle so much traffic. If remote employees all try to download updates through the corporate VPN, bottlenecks are inevitable. To overcome that issue, discuss the option of implementing split tunneling with your security team. Split tunneling means internet traffic is routed directly onto the internet and only corporate traffic goes through the VPN. If you can offload internet traffic to the user’s home internet connection, then your VPN will be able to accommodate updates more easily. To ensure machines can still be managed, this would include a period each day where the endpoint can check-in for Group Policy updates, account synchronizations, and Configuration Manager policy to ensure they remain compliant.
- Train employees to be vigilant: While tools are important, there’s no substitute for a vigilant user. Train employees to be cautious of phishing attempts, signals to look for, and how to report suspicious emails or other unusual device behavior. Provide instructions on how to secure home Wi-Fi and tips on how to be mindful of shared device usage. Arming employees with knowledge is extremely powerful and should serve as a strong foundation for any security plan.
- Provide self-service options: In a perfect world, IT would be able to gain visibility over every device, automatically deploy updates and monitor for and mitigate issues impacting device performance, responsiveness, and security. But, until your organization has achieved that, empowering employees with self-help solutions can be extremely powerful. Consider creating an app store experience where employees can download their own approved software to alleviate the burden of hands-on software management for IT. Give employees access to only the applications they need in a secure setting, which puts them in control of when apps and updates take place. Also, using a ServiceNow chatbot solution can automate basic endpoint and software management issues to get employees the help they need, immediately.
- Establish device isolation protocols: No security program is 100% ironclad, so it’s a good idea to plan for the worst. Establish protocols to detect device compromise and automatically isolate it from the network. Immediately cutting off access can substantially stymie the propagation of malware and give IT the ability to remotely wipe the device clean. This capability can also prove useful in the event a device is physically lost or stolen, which may seem unlikely if we’re all staying home, but things happen.
Managing software and keeping systems and applications up to date can be a huge challenge in remote work environments. While we’re under extreme circumstances at the moment, many global companies have employed these tactics, through the use of comprehensive solutions to manage it all, with great success. By implementing smart strategies and safety policies, organizations can protect their endpoint devices no matter where they sit.
Let us know your thoughts on Remote Software Update Management on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!