One of the most important policies you can put in place to maintain a safe operating environment for your end users is security patch management. Keeping on top of security patch management may seem like a simple concept, but it is often overlooked as a measure to prevent exploitation and mitigate the risk of outside intrusion into client computers. The assumption that built in patch agents are sufficient to keep software updated is a misconception as those agents often require user intervention or approval to install the security patches.
Depending on an unreliable method of patch installation is not practical in an environment that demands precision in the way security measures are handled. A security patch management policy should be written and distributed to all computer users explaining the expectations of the IT department regarding security patch management and the steps they should take when the computer prompts them to download or install patches. While there is no guarantee that this security patch management policy will be adhered to by all users, it does increase the odds that patches will be kept updated on a greater number of machines than if there we no security patch management policy in place at all.
Still, depending on built in security patch management is a bit tricky in a business layout. If possible, investment should be made to relegate security patch management to a server based system that pushes necessary patches to machines automatically and forces their installation. This provides a surefire way to keep machines safe when browsing the web and reading emails and also provides the IT department with feedback regarding the success or failure of patch deployments to specific machines. However you choose to handle security patch management, the goal of requiring updated patches on all computers should be made explicitly clear.

About the Author

Research about security patch, try pcpatching.com.