We are all guilty of it: ignoring that small orange dot on the power button when you go to shut down your PC, or quickly dismissing the notifications that appear on your phone at the most inconvenient times telling you to install a software update. It doesn’t matter if it’s proprietary software on your business computer or the operating system on your own personal devices at home; I’m sure that most of us can agree that the repeated notifications and system shutdowns make software and firmware updates seem annoying at best. However, many users underestimate how important those updates really are to security.
Software developers continue to work on software well after it is released and periodically issue fixes or patches through software updates. As we’re here in the middle of Cybersecurity Awareness Month, let’s enlighten ourselves with a quick discussion on the several reasons why it’s crucial to regularly update the software on all your devices.
Many updates are billed as “feature updates” that add new functionality or upgrade the UI and aesthetic of the software (or sometimes not – *cough* Windows Metro *cough*). However, that’s the least important reason to install updates. The most imperative reasons to always install software updates quickly are:
- To patch security concerns that will protect the software (and therefore the device/network) from vulnerabilities that can lead to hacks, malware, data breaches, or identity theft
- To make enhancements that fix bugs or improve compatibility issues.
- To fix firmware issues that could cause a device to malfunction.
- To block zero-day exploits.
Patching and updating ensure that you’re running the most current and bug-free version of each piece of software. Even a short delay in finishing that update could expose you to a zero-day exploit newly released into the wild. The more time you wait to do an update, the more vulnerable and potentially incompatible your device will become, causing more frustration and stress when trying to connect with updated software and devices.
If it feels like too much work to regularly stop using your device long enough to install updates, it is highly recommended that you set up automatic updates. This feature can be enabled in your device settings and configured in Active Directory, or set in a group policy by an administrator.
If you work for an enterprise organization, your updates might be managed by your system administrators to ensure that every device on the network passes a health check and has a uniform security posture. Some organizations let the software politely inform you that an update will be installed on the next system reboot, or configure all updates to install during non-business hours only. However, if a critical security update is released, you might not have enough time to save your work before the Windows Update dialog announces that your system will be rebooted. If this is the case, be sure to enable frequent automatic savepoints in your document authoring software.
Organizations should train their device users so that employees understand how vital software updates are to the security of the company. The vast majority of hackers would rather infiltrate an organization for data consisting of thousands of customers’ personal information, instead of a single person’s information. Individual users may be low-hanging fruit, but enterprise data banks are the real target for more determined hackers.
Installing software updates can feel like taking a vitamin: something beneficial but optional. In reality, they’re a vaccine and penicillin shot rolled into one protective package. Never ignore your software update – but always remember to save your work first.