There are a number of fundamental habits and disciplines you need to adopt for cybersecurity. Right at the top is having an automated, or semi-automated, system for patches and backups. The more systematic and automated you can make this process, the better. However, be careful. Always provide plenty of checks and balances in place to monitor the integrity and success of the process. Otherwise, you forget about the process only to find that when you really need it, the backup or patch didn’t happen as planned.
I was reminded of this again this morning when I read an alert about new (August 2019) patches from Microsoft addressing, among other things, a few vulnerabilities with remote desktop services. What struck me was we knew about these patches before I read the article, because we wrote a set of Powershell scripts to automate our backups and notify us about available patches.
Our Powershell scripts run nightly. They backup our critical systems and data, encrypt the backup files, move them to a geographically remote server, and store the files locally. Upon completion, the script sends an email each night letting us know if the process was successful, or where it failed. Further, the script also lets us know if any Windows patches are waiting and uninstalled. We’re reminded to login and check the description from Microsoft to evaluate when we need to schedule installing the patch.