Updates & Patching
Computer software changes frequently; not only are there major upgrades to your most-used software, also minor to these programs. Microsoft famously has held “Patch Tuesday” to ensure updates are made regularly. If you are a university system user, perhaps you’ve been “LanDesk’d”.
Often, your system asks you to stop what you are doing, and prompts you for an annoying update or reboot, seemingly JUST at the least convenient moment. Why?
The short answer is: bad guys.
Software manufacturers don’t want to interrupt the use of their products, or make then more difficult to use. They wouldn’t ask you to upgrade without good reason. Chances are, bad guys found a vulnerability in their software, the manufacturer fixed it, but YOU need to install the fix.
You don’t need to search far to see the carnage of major companies that failed to patch or update a system and were breached because of it. In September 2017, Equifax, one of this nation’s top three credit agencies, announce a break of private information belonging to 143 MILLION PEOPLE! How did this happen? Failure to patch.
Equifax traced the breach to failure to apply an upgrade patch to their servers. The manufacturer of the technology that was compromised notified users of the vulnerability four months prior to Equifax’s breach, and provided an update to close the security hole. Equifax failed to install the update.
As a result, many senior executives lost their jobs, millions of customers must deal with the real threat or consequences of identity theft and the company faces the possibility of closing its doors. Why? They didn’t follow the simple rule of keeping security patches up-to-date.
Think about this example when you use your own technology. Do you put off those pesky updates? Do you hit the proverbial snooze bar on your update notifications? DON’T PUT YOURSELF AT RISK. Unless you don’t care about being pwned.
How to stay safe
Most software allows you to check back with the manufacturer regularly and automatically. Microsoft, for instance, automatically pushes updates, whether on a cadence (Tuesdays) or more frequently if it has urgent releases. Your mobile device will prompt you regularly to accept updates.
Below are some resources that may assist if you wish to be even more proactive: