Windows System Updates — Best Practices to Keep Your Computer Secure

Are your Windows-based computers up-to-date? Unfortunately, many businesses would answer no to that question. While the Windows update process can sometimes feel arduous–especially for smaller companies–avoiding updates can open you to major security vulnerabilities.

Take the BlueKeep security flaw that Windows announced in 2019, for example. A vulnerability affecting older versions of Microsoft, BlueKeep attacks computers’ Remote Desktop Protocol (RDP), which connects to other computers via a network connection. What’s the risk caused by BlueKeep? Cyberthreats can potentially spread unassisted from machine to machine and devastate networks.

Windows initially released patches and urged updates in 2019. Even the National Security Agency touted the dangers of BlueKeep and advised systems administrators to move forward with necessary patches. Despite these warnings, some businesses delayed or skipped these crucial fixes–and remained at risk for catastrophic harm to their operations.

Instead of leaving your system unprotected, you need a plan to manage Windows operating system updates. In fact, the non-profit Privacy Rights Clearinghouse identifies operating system updates as the #1 step to securing your computer and maintaining privacy and data integrity. Remember: When you run a business you not only store sensitive information about your operations, you also house data about customers. You need to take action to ward off cyberattacks and prevent identity theft.

That’s why you can’t take a haphazard approach to Windows updates.  Make updates part of your regular business routines and minimize downtimes. Engaging an expert technology partner can ensure that you seamlessly update Windows to maximize security and performance.

Establish a Windows Update Policy

It’s essential that you have a clear policy to outline your update process and establish predictable routines. Your policy should include notifications about upcoming updates to your team members so that they can plan work and avoid unnecessary downtime. 

There’s no one-size-fits-all approach to Windows updates. If your organization is small, you may want to schedule a monthly maintenance window where a tech or security expert performs updates on each computer. 

Another strategy is to schedule a monthly update for your company to time with Microsoft’s Patch Tuesday. Occurring on the second Tuesday of each month, Patch Tuesday is when Microsoft releases critical reliability and security updates. By default, Patch Tuesday updates are installed within 24 hours after release, but you can defer them up to 30 days. If you want to execute updates in batches to minimize downtime or perform testing, you can stage Patch Tuesday updates over several weeks.

Also, Microsoft releases semi-annual feature updates. For Windows 10, Microsoft pushes out these updates “around March and September” according to its website. You can choose to apply some or all of these updates to your Windows machines and can defer them up to one year. Keep in mind that Microsoft recommends that you begin deployment immediately after their release.

Finally, you should know that Microsoft occasionally releases out-of-cycle updates, usually tied to major security vulnerabilities. You need a plan to address these atypical updates as well. Do you implement them right away or roll them into your next monthly update process? A robust Windows update policy for your organization can set those guidelines.

Execute Individual or Group Updates

Another consideration is whether you need to ask users to execute updates manually or whether you will perform group updates. If you are a very small company–a solo proprietor or only a few employees–manual updates may make sense. As your team grows, however, you likely want to shift to group updates to ensure consistency across your organization.

For both options, you need to select two settings. The first thing to do is to set “active hours” to indicate when you and others are working. It’s a good idea to set a long stretch of active hours–say 6:00 AM to midnight–to cover any work time in the evenings. That way, you ensure that updates occur between in the early morning hours.

You’ll also need to set when updates are installed after release, but the procedure varies across different versions of Windows operating systems. For Patch Tuesday updates, you can delay them up to 30 days, while feature updates can be deferred up to 365 days after release. By establishing a schedule, you can automate updates and won’t need to check for updates.

With a group policy, you have far more control over updates. Some options are only available for Windows 10–including selecting when you receive feature and quality updates, preventing users from pausing updates, and turning off auto-restart during active hours. 

These examples only scratch the surface of the group update options available. As you can imagine, once you grow beyond a handful of users, managing updates becomes far more complicated. That’s a big reason why some organizations don’t stay on top of updates and open themselves to risky cyberthreats. But you don’t have to be one of them.

Rely on a Trusted Technology Partner for Update Support

It’s easy to feel overwhelmed by the complexity of Windows updates, but establishing a routine can streamline the process. Since many small business owners aren’t Windows experts, engaging a technology partner is a smart move. 

A technology partner can work with you to understand the current needs of your organization and help you plan for growth. You can receive professional guidance to create a Windows update policy that ensures you execute patches and feature releases in a timely way to attain optimum performance, improved reliability, and protection against security vulnerabilities. You can also prepare for the occasional out-of-cycle releases tied to major issues, like BlueKeep.

Without a policy and processes in place, Windows updates can seem like an annoyance that steals productive time. Although you may not always see the importance of Windows updates in your day-to-day work, you can trust that Microsoft is providing value-added fixes and enhancements to Windows. 

What’s the bottom line? Don’t ignore Windows updates, put them to work for you. You can make updates seem less burdensome and more efficient by relying on an experienced technology services provider to handle this mission-critical process for your business.

Need support planning and executing your Windows Updates? The tech pros at Saturn Networks can take on this critical operational task and free you up to focus on your core business. With our expert tech know-how and world-class support, we’ll stand by you through every step of your business journey.

Posted in