Follow these 4 steps towards effective patch management.

Some people pray to keep software vulnerabilities at bay. Others patch.

Patching can certainly be a bearish task, but you should never underestimate the importance of keeping your systems current, experts warn. By law, you must protect your customers’ records, notes Christine Washburn, VP of marketing at SilverBack Technologies, a software provider in Billerica, MA.

From a compliance standpoint, patching is something the FDIC is very concerned with, Washburn adds. A recent FDIC bulletin proved that point by announcing new software patching guidance to be enforced through regulators’ examinations. To make sure you don't get caught short, get your patch policy straight. Eli shows you how.

1. Keep An Eye Out
The first step is probably the most time-consuming. You need to figure out which devices need what and when. In other words, you should have "a strict policy of monitoring all of the alert mechanisms" for software patches, advises Joe Lockwood, chief technology officer for COCC, a software development company in Avon, CT.

2. Judge The Threat
Once you know what alerts are out there, set up a team to look at how each vulnerability applies to your system, suggests Lockwood. Ask how severe the alert is in your environment and determine whether the patch is critical, he adds.

3. Test, Test, Test
Faulty patches have been known to cause more damage than they prevent. But "you have a much greater risk of a security incident by not patching than you will have problems in patching," asserts Lockwood. "The prudent step is to make sure you have testing methodology for that patching."

4. Stay On Track
Once you’ve tested successfully, install the necessary patches promptly. And don’t forget to document.