Software and app updates contain vital security updates to help protect your devices from cyber criminals.
Cyber criminals use weaknesses in software and apps to attack your devices and steal your identity.
Why is this bad for businesses?
Software and app updates are designed to fix these weaknesses and installing them as soon as possible will keep your devices secure.
An example of a cyber-attack that took place as a result of software updates not taking place was the recent Microsoft Exchange email flaw, which the National Cyber Security Centre (NCSC) estimating 7,000 servers had been affected.
When the global security issue within Microsoft’s Exchange email system - a platform used by many small organisations, big-name corporations, and public bodies around the world - surfaced last month, the flaw was at first exploited by ransomware groups to gain access sensitive data.
Microsoft put out an announcement advising all users to download the latest updates, which lead to additional criminals also identifying the flaw, with widespread attacks then ensuing.
Ransomware causes a total lock-out of a user’s data by encrypting it and rendering a computer system unusable. This is accompanied by a displayed message demanding a fee, with a threat of the data being stolen and/or deleted if there is failure to comply.
The NCSC also reported that such malicious software had been installed on 2,300 machines which they helped businesses remove.
What can I do?
If your business runs as a result of being connected to the internet, you must keep computers, devices, applications and software patched and up to date, and where you can, add the use of two-factor authentication with strong passwords.
You can follow these simple steps for updating software and installing patch updates:
Consider replacing devices that are no longer supported by the manufacturer with newer models. You can look online to check the support expiration date for your current device.
Update all apps and your device’s operating software whenever prompted
Set all software (including anti-virus) and devices to update automatically
Turn on your anti-virus (AV) product and check it’s up to date. It detects and removes any viruses or other malware (malicious software) from your device. Don’t switch it off!
Make sure the AV is set to automatically scan all new files such as those downloaded from the internet or stored on a USB stick, external hard drive, SD card or any other form of removable media
AV products aren’t necessary for smartphones or tablets, as long as apps are installed from official stores
Here is a short video of helpful tips for software updates and patching:
Gaining your Cyber Essentials certification is also a great way to help make your business safer and out of the hands of cyber criminals.
In particular, Cyber Essentials Control Area 4 focuses on Software Updates and the importance of why you should update and patch your software and devices.
Watch our Getting to Grips with Cyber Essentials, Episode 4 to learn how you can strengthen your business’s resilience to software and patching related cyber attacks.