Cybercrime is a real and growing threat, with the global cost of online criminal acts expected to surge to £18.10 trillion by 2027, according to data from Statista. Whether it’s a government, a business operating globally, an NHS Trust or a local education facility, criminals don’t discriminate by the size of an organisation; what matters to them is simply how easy it is to gain access to its online systems.
This is where cyber security comes in: protecting such systems, computing devices and sensitive data from hackers looking for an easy way in. Yet no matter how resilient you believe your defences to be, there may still be vulnerabilities.
What is vulnerability management?
Vulnerability management is a regular and proactive process that keeps your computer systems, networks, and applications safe from cyber-attacks and data breaches. So, what do you need to be doing as part of this process?
Here are some tips from the National Cyber Security Centre (NCSC):
- Install updates promptly when notified. Consider turning on automatic updates where available. Remember that automatic updates might only occur if the device is connected to Wi-Fi, connected to power, powered on at a specific time of day, has sufficient storage, and/or isn't too far out of date. Some updates might require the device to be manually restarted. If a device hasn't been restarted in a while, then the update might not be installed.
- Make sure you regularly back up your data - before you update is an ideal time to do this.
- If you have a large number of devices, you might want to test updates on a small number of them before updating all of them to make sure the apps you use continue to work after the updates. But don’t delay for too long - criminals can work out what the original vulnerabilities were and attack those that haven’t been patched.
- Check occasionally that your device is keeping itself up to date, as automatic updates can sometimes break (e.g. if you have low storage on your device).
- At its core, software patching is the process of using patches (pieces of software code) to fix issues, add new features, or protect the software from malicious actors. Patches are essential for keeping software running smoothly and securely, addressing not only bugs and performance issues, but also security vulnerabilities.
- Include a verification step so that, where a vulnerability has been fixed, you confirm it is no longer present.
- Third-party penetration tests are a good way to verify that the vulnerability management process is working as it should. The NCSC has guidance on penetration testing.
- Regularly review your vulnerability management process to keep pace with any changes in your organisation, for example, an architectural change which makes more services internet facing. New threats or newly discovered vulnerabilities are additional reasons to keep reviewing. Subscribing to security alerts from vendors, suppliers and services you use will alert you to developments that you can then reflect in your vulnerability management process.
Police CyberAlarm is a capability that can support and augment a cyber security regime. It is a free tool that adds another layer to your cyber defences. It’s designed to work alongside your current network security devices to analyse suspicious data that is being sent to your systems by sources on the internet. As a member you receive regular scans for known vulnerabilities and monthly reports on suspicious activity, so you can take action, and it is a good way to check your level of online security after patching.
Learn more and register your interest in Police CyberAlarm.