Smoke alarms, auto-pay, and security updates

Risk management is not something you want to leave as an afterthought.

• You probably have a routine to keep your smoke alarm batteries fresh — like changing them when you change your clocks for daylight saving time.

• You probably have a way to keep your car insurance premiums current — like putting them on auto-pay.

It’s great. You don’t have to think about it. Or remember it. Or risk putting it off. And important stuff gets done.

But what about software security updates?

CiviCRM releases security updates a few times a year. So do Drupal and WordPress.

But unlike insurance premiums and battery replacement, these security updates come on an unpredictable schedule.

If you don’t have a system in place to make sure they get installed on a timely basis, it’s easy to be unaware of them. Or put them off. Or forget about them.

That’s why thousands of site owners regularly fail to apply these updates in a timely manner – and as a result, thousands of those sites get compromised by hackers every year.

Here’s the thing:

It’s not easy to keep up with this stuff, until you make it easy.

You can subscribe to CiviCRM’s Security Notifications list to get advance notice of security updates, and then plan accordingly. (Drupal and WordPress have similar offerings.)

You can assign a member of your internal team to be responsible for performing security updates.

You can subscribe to Joinery’s Proactive Security Updates service and let me handle that for you. (Or hire some other CiviCRM Partner to handle it.)

Whatever it is, make a system, and stop putting off these updates for lack of a plan.

It’s just one more worry you can cross off your list.

And who doesn’t want that?

All the best,
A.