It’s annoying—an alert to upload the latest operation system because of a security patch? Really? Another one? Is my security really an issue here?
It seems like a waste of time. Except.
Except it only takes one hack to leave all your accounts vulnerable. It just takes one piece of malware to leave information exposed and your business or personal accounts devastated.
Plugging security holes is a constant battle, and one being fought in the trenches every day. You don’t see most of these threats. Most viruses and cyber attacks are thwarted before they come near your system.
Most viruses and attacks. But not all.
Ignoring security patches is risky and irresponsible at best. At worst it’s the end of your business.
We related the details of the infamous Equifax breach in a recent blog post. As we wrote, Equifax was aware of a hole in their system and given the security patch to fix it, yet did nothing. The result? 143 million Americans put at risk and the company in deep water.
The Never Ending Quest For Security
According to an article on the site TopTenReviews.com, “When you browse the internet, your computer is at the mercy of its current protective measures. Viruses, malware and rootkits are always on the search for security holes to exploit and gain entry to your personal data. While the best antivirus software would prevent this from ever happening, in order to accomplish such a goal you need to perform recommended updates.”
Just like medical viruses, software viruses are always evolving. Like a flu shot must change every year, a security patch for one attack is likely ineffective toward a new, and potentially more devastating one. Your operating system, antivirus and other applications must keep up. Updates serve to:
- Fix security holes
- Optimize the existing operating system resources
- Add newer and more secure features
- Remove clutter by deleting old and unused security features
- Update drivers to increase software efficiency
The Experts Say …
Internet security company Heimdal Security recently interviewed a number of cyber security experts. Their agreement was unanimous: patching is not optional. The days of putting antivirus software on your computer, and then calling it a day, is long gone. That’s because, back then, computers were mostly individualized with little contact from the outside world. Networks didn’t share open data.
Times have changed.
Why is software so vulnerable? Per the above article, Mathew Pascucci Cyber Security Specialist & Privacy Advocate at Front Line Sentinel relates, “Software is vulnerable because it’s being pushed to market quickly without proper vulnerability testing, either statically or dynamically. Users of the software should have automatic updates for all software enabled and verify that it’s as up to date as possible.”
From the same article, Ivanti Principal Security Engineer & Evangelist Duncan McAlynn says, “Software, like everything else in life, isn’t perfect. Unfortunately, we can’t patch humans. Whether software developers or end users, they’re both flawed. We live in an imperfect world. Adjust, adapt and overcome!”
Be Ready for The Worst
As long as there is code and valuable information others want, there will be risks and vulnerabilities. Security innovation is not optional.
A recent blog post by the Principal Program Manager for Office 365 Customer Experience, Ross Smith IV, addresses this. Says Mr. Smith, “Microsoft recommends adopting a software update strategy that ensures all software follows N to N-1 policy.” In others words, back-up everything. Mr. Smith recommends this for all products, including operating systems, software and applications, hardware drivers, and firmware.
No matter how diligent there is no way to assure 100% protection. Employees will have lapses. Short cuts may be exposed. That’s why redundancy is perhaps a business’s most valuable defense. Can malware be removed without deleting data? Does ransomware need to be paid to access your files? A significant, repetitive and continual backup plan is vital to ensure your business continues to run regardless of outside forces.
Do Anything But Ignore The Problem
If you close your eyes, the problem won’t go away. Only by being proactive can you assure the best defense. Ross Smith IV says, “Another concerning trend I witnessed is that customers repeatedly ignored recommendations from their product vendors. There are many reasons I’ve heard to explain away why a vendor’s advice about configuring or managing their own product was ignored, but it’s rare to see a case where a customer honestly knows more about how a vendor’s product works than does the vendor. If the vendor tells you to configure X or update to version Y, chances are they are telling you for a reason, and you would be wise to follow that advice and not ignore it.”
So when that annoying security patch comes along, don’t ignore it or put it in your “I’ll take care of it later” pile. Perhaps a bug has already been discovered. Or, more likely, the possibility of a vulnerability has been defined and changes need to be made to assure nothing infiltrates your system.
A security patch may be a nuisance, but the alternative is far worse.
A Partner Can Help
If you are uncertain how best to protect your business from cyberattacks, Single Path has your back. Our security specialists know the ins and outs of network security, offering security offerings from data loss protection to infrastructure patch management. We can dig deep and look at your entire technology structure, providing expert advice, ongoing analysis of your needs, and the certainty your information is protected. We know that the best solutions are those that involve minimal effort and maximum peace of mind.