A Guide to Keeping Loaned Administrative and Staff Laptops Fully Patched

For the past several months, businesses around the world have had to make sweeping changes to their IT policies and procedures. The COVID-19 pandemic has essentially ground in-office activities to a halt, forcing organizations to quickly transition their employees to a work-from-home model on a temporary basis. Although there was some optimism these measures would be lifted by the end of the summer, the sudden surge of new coronavirus infections (especially in the U.S.) has delayed the return to normalcy so many have been looking forward to, CNET reported. This has added a new level of uncertainty to an already chaotic business environment, leading many companies to consider moving a portion of their workforces to a permanent remote capacity. 

How businesses are coping with remote work requirements

To provide employees with the hardware and software they need to effectively perform their job duties, organizations are temporarily loaning out laptops and other computing devices to remote workers. While this practice has been an effective stopgap for the sudden and unexpected transition to work-from-home requirements, it’s also introduced unique security concerns into the equation.

Beyond core cybersecurity concerns like malware and phishing scams, IT administrators are also grappling with the need for remote patching capabilities for business software and operating systems. As the SANS Institute explains, patch management is vital for eliminating OS and application vulnerabilities, zero-day exploits and other code-related bugs. Normally, IT administrators would be responsible for ensuring that all workstations have the latest patches installed, but the shift to remote work has been quite disruptive. While loaner laptops and devices may have the latest updates before they’re handed over to employees, there’s no guarantee end users will keep up with future patching tasks. 

The need for proactive patch management is only increasing. One study from the European Union Agency for Cybersecurity found that the total number of software vulnerabilities has grown by the thousands year over year since 2002. Of course, applying patches manually takes time, effort and complete oversight of employees’ workstations – the average IT team takes roughly 12 days to deliver updates across all devices in its network, per research from the Ponemon Institute. Considering the financial and operational consequences of poor patching practices, how can businesses keep loaned laptops secure and up to date?

Patch management for loaned devices

According to the aforementioned Ponemon Institute study, vulnerability and patch management processes have not improved much over the past few years. For one, many organizations are simply unaware of which vulnerabilities can lead to a large-scale data breach. Since the pace of vulnerability-driven exploits is on the rise, companies also have less time to apply patches before being targeted by hackers. On average, organizations spend around $1.4 million annually on vulnerability management activities, including software and OS patching, but these investments have not delivered the type of full-spectrum protection many businesses were looking for. Ultimately, IT administrators must constantly refine their patch management processes to keep up with new threats, reduce unplanned downtime and identify exploitable attack vectors. 

Keeping loaned laptops fully patched and secure against external threats requires a multi-pronged strategy that emphasizes cyber awareness training, device visibility and remote management tools. Automation also plays a starring role in the modern patch management process, helping streamline delivery and reduce the time it takes to get critical patches installed on all in-network devices. The Information Systems Audit and Control Association recommends establishing two lines of defense to ensure updates are applied quickly, and that there are processes in place for when vulnerabilities cannot be patched immediately. Some other useful tips include:

  • Engage business leaders by informing them about the risks of slow-roll patching and the need to evaluate IT vendors on the agility of their management platforms.
  • Establish clear roles and responsibilities surrounding application and OS patching, which is particularly important for remote workers using loaner devices.
  • Work alongside third-party vendors to scale up patch testing, update delivery mechanisms, device monitoring capabilities and threat detection. 
  • Develop alternative vulnerability mitigation measures in case timely patching is not possible, whether due to regulatory, budgetary or staffing constraints. 

Although IT governance policies are crucial for keeping loaned laptops fully patched, it falls on IT managers to ensure all devices are up to date. Allowing end users to manage their own patches can leave gaps in an organization’s security fabric, increasing the risk of data breaches, identity theft and brute-force attacks. That’s where Faronics’ Deploy and Deep Freeze applications can help.

With Deploy, businesses can automate patch updates for Windows OS, Mac and popular business apps like Adobe, Microsoft Office and more. Through a single console, IT administrators can view every device in their network, including loaned laptops, and send batch updates without any need for end user intervention. Paired with advanced patch scanning, Deploy can keep organizations secure against code-level exploits as soon as updates are released. 

Faronics’ Deep Freeze application can also help streamline new loaner laptop setups by taking a snapshot of the computer’s desired configuration. With this level of control, IT managers can prevent unwanted changes and empower users to solve their own technical problems with a simple reboot of their devices. Combined, these two applications provide a simple means of keeping loaner computers fully patched and secure against a wide range of cyberthreats.

To learn more, explore our product pages or start a free trial today.

About The Author

Matt Williams

A self-proclaimed ‘tech geek’, Matt has worked in technology for a decade and divides his time between blogging and working in IT. A huge New York Giants fan, expert on Reboot Restore Technology when not watching football Matt gets his game on playing Call of Duty with his friends and other tech bloggers.

Sign Up For A 30-Day Trial


Deep Freeze Enterprise

Centralized deployment and management as well as a host of configuration options for the Enterprise.

  • This field is for validation purposes and should be left unchanged.

Ready to find out more about Faronics? Let us know how to reach you.

We're here to help you in any way possible.