Update, patch, bug fix

When was the last time you updated your browser, Microsoft Office, Zoom, or that one-off application that you’re using for something important? How about the operating system on your phone? Now is the time! While you’re at it, you may want to configure automatic updates. For most people, automatic updates will be the most secure choice. Even with automatic updates configured, software may not always complete the update process successfully, so it is important to check the latest available version and compare it to what you’re running.

In its 2023 Cost of a Data Breach Report, IBM asserts that breaches attributed to known unpatched vulnerabilities resulted in an average cost of USD $4.17 million. This makes automatic updating all the more attractive. A well-documented change or patch management process is the best way to regularly update all of the necessary software. It’s critical to be aware of our responsibilities for maintenance when acquiring software from third parties and to have an update plan in place. It is also important to maintain a software inventory. How can you secure or update something if you don’t know you have it?

Updating regularly is good cybersecurity hygiene 

Think of all the devices in your home that can reach the internet. Even if you’re not a futurist with a toaster that sends a text when your breakfast is ready, you likely have a few devices around the house that connect to the internet, like a smart TV or an Amazon Echo. Those devices could pose a significant risk to the security of your home network if they aren’t being patched. Get in the habit of checking your devices for updates when you first add them to your network. Enable automatic updates when you download and install new software, and opt in to messages from the vendor about updates.

Updates tend to show themselves at the most inconvenient times, so it is important to pick a good time on a recurring basis. Think about checking for updates while you’re doing some vacuuming – unless there’s a robot handling it, then you’ve got no excuse (and it’s time to update the vacuum). Many applications including Chrome and Edge come with the ability to restore your current state once restarted, so close all those tabs in the same window and reopen them all at once! 

End of Life (EoL) software—is it safe?

There comes a time when companies stop supporting older devices and software. Companies in competitive markets tend to give ample warning because they’ll be pitching you a new product, but that faithful app that continues to provide value may be tough to let go of. Your 2002 licensed copy of Adobe still works, and you might really like the way Windows XP is laid out! Sadly, older software can lack current industry-standard security protections like adequate encryption. It’s not always planned obsolescence that forces us to new devices but a constant game of technological cat and mouse with bad actors. Some EoL software may not be easy to spot, and it may not be obvious how to update it; we need to target those IT resources in our units for replacement.

Information Security is here to help

While you’re thinking about it, drop a recurring reminder in your calendar—one while you’re working and one while you’re at home—to go through your devices and check to see if they need updates. Check online for a guide if updating isn’t intuitive. If you find a device or software that is out of date or vulnerable in your unit, please reach out to secadmin@udel.edu and we can work together to secure it. If you know you have software that is no longer supported but is necessary for your unit, please submit a Security Policy Exception Request here. We can assess and track the associated risk and add compensating security measures to mitigate residual risk and Secure UD!

Some common updates to get you started

Browsers

Mobile OS

Computer OS