Especially Joomla! Updates 3.4.6 and 3.4.7 released in December 2015, which closed serious vulnerabilities in Joomla! show how important updating your Joomla! Website at time with the release of updates is. As it became known, these vulnarabilities were exploited to infect Joomla! Websites with a variant of the dangerous ransomware TeslaCrypt. see also: http://heise.de/-3052441 and http://heise.de/-3114184
The updates in Joomla! are unfortunately not yet, as with current WordPress versions already introduced, fully automated. You must login yourself in the backend to start the updates manually, the same for the updates of foreign extensions.
If you don't want to spend time and effort to find informations about the releases of security updates for your Joomla! installation, I recommend you to take my maintenance contract service in account. I care not only about the timely completion of the Joomla! Updates but i.a. for updating all foreign extensions, which are also potential entry points for malicious code, as has been shown in the past.
Take me into account!