For Cyber Awareness Month, the American CISA (Cybersecurity & Infrastructure Security Agency) has defined four educational topics for discussion. These are under the “See Yourself in Cyber” theme, meaning they are under individual responsibility and possible to attain through awareness and practice.
Here are the topics:
- Recognize and Report Phishing
- Update Your Software
- Use Strong Passwords
- Enable Multifactor Authentication
This week, we’ll cover something many people fail to relate to security: why software updates are important.
Are software updates about performance or security?
It is a common misconception among users that software updates are all about new features or improved performance. Although many developers highlight this in their marketing to keep users engaged, security is one of the most important roles of software updates.
Criminals are constantly finding ways to breach software security and steal data or install malware in users’ computers.
Vulnerabilities exploited by criminals before developers have a chance to update the software to protect users from them are called “Zero Day Exploits.” These were accountable for two-thirds of all malware threats between October and December 2021.
So, in a scenario where attackers are constantly looking for breaches in software and developer is regularly patching their programs to protect them, updates are more than just new features: they are the best defense for your data.
Best Practices in Sofware Updates
Now that the importance of software updates is established beyond performance, what is the best way to approach it? Even updating the software is not risk-free because attackers explore this necessity to trick users.
Some rules of engagement are necessary to ensure that users perform these updates safely and without any hassle.
- Automatic or manual updates? Choose automatically whenever the developer allows you to choose, and most nowadays gives you the option. Automatic updates will enable you to schedule them conveniently, and you won’t have to remember, allowing it to update as the releases come in.
- The origin of the software determines its safety. Unlicensed, pirated, or copied software does not have access to updates and patches, making your computer vulnerable. A “cheaper” alternative may compromise your data to the point that you will incur much higher costs.
- Download updates from legitimate sources. Ignore any “your software needs updating” prompt you see on websites while browsing. These are 100% fakes and doorways to cyberattacks. Software updates come from the software itself, not from external sources.
- Whenever in doubt, ask the developer. Developers publish release notes, and if you feel an application is too important or holds information that’s essential to your privacy, ask the developer which steps they take to ensure the product is safe. If you’re not convinced, change the product.
Software is another entry point for attackers to access our data and the organizations we work for. Therefore, the importance of software updates cannot be overlooked, no matter how unimportant we feel updates are to the application’s performance.
If you want help to make sure your employees understand the importance of software updates and other security awareness topics, check out our Ally training solution. Ask for a trial today!