You may remember from the first post of this series that the word “security” originates from the Latin roots “se” and “cura”, which literally mean “without care”. Wouldn’t we all like to be secure and not have to deal with all this security stuff?
Current attacks leverage vulnerabilities in software between 53% and 62% of the time (Kaspersky and Ponemon Institute, respectively). This means that an attacker can craft a specific exploit for your system that may require little or no interaction from you to let the adversary access data or services on the device.
First, we have to understand that software is not limited to the apps you use. Here are some of the types of software that need to be managed:
• Operating System (OS) – such as Windows, macOS, Android, Linux, iOS
• Apps – Software that’s installed within the OS, like Adobe products or web browsers
• UEFI/BIOS/Firmware – Embedded software that comes on the device and loads the OS
And then we have to review the sorts of devices that need to be considered for updates:
• Computers of all shapes and sizes, whether laptop, desktop, server or NUCs
• Portable devices – tablets, phones, wearable devices, some gaming consoles
• Network equipment – wireless routers, switches, firewalls, network storage devices
• Internet of Things (IoT) – printers, smart TVs, gaming consoles, appliances, media streaming devices
Any of the devices above may be found in your home or office. It’s likely that everything on this list can and should be updated regularly. Here’s some advice about how to handle all of it, so that you can “feel no apprehension” about this effort:
• Set your device to update automatically whenever possible.
• Update regularly, but beware the bleeding edge (monthly is a good approach)
• Maintain a device inventory and use it as a checklist (good for insurance, too!)
• Monitor the news for major issues that affect software or systems you use
I once read about the importance of making your bed in the morning, and the sense of accomplishment that it brings by starting your day with a to-do item you can check off. I use this approach whenever I pick up a device…I “make my bed” by checking for OS updates first and foremost. If any are found, I take the time to install them, restart the device if necessary, then return to my original task. This keeps your software updated, and adds to your sense of productivity early and easily.
Remember, software updates provide more than just security. Developers can fix bugs, add features, and improve the usability and stability of software by releasing new versions of the code. As more developers adopt frequent updates, certain version mixtures (like a new app on an old OS) become problematic and eventually unsupported. For example, when Apple ends support for an iPhone iOS version, apps like Okta Verify and Google Authenticator will also end support for that OS.