You’re at work on your device and a pops up comes up saying, “a software update is available”. You’re busy, so you click “cancel” instead of “install”, thinking you’ll get to it later, but you never do. Sound familiar? In many cases, we’re so used to updates changing things that we like or are used to that we’re actually reluctant to ever install them. So what do software updates have to do with security?

Software updates are important because they often include critical patches to security holes. New vulnerabilities are discovered all the time, both by malicious ‘black-hat’ hackers and ‘white-hat’ hackers, who are paid by software developers to find security issues in their applications. Once these vulnerabilities are discovered, the software developer releases a ‘patch’ to fix the vulnerability.

These ‘patches’ are what are contained in most software updates – and they fix issues that would otherwise have left your system vulnerable to hackers getting in. Any new patch will alert more hackers to the existence of the problem – leaving your system at more and more risk the longer you fail to install it.

How do patches work?

Software patches occur when developers are made aware of issues with their software, or want to add new functionality to their software. These could be usability issues (e.g. something not functioning properly) or security issues (e.g. holes in the software that could be exploited by hackers). The process normally looks something like this:

1. A software developer releases a new product;
2. Attackers find vulnerabilities in the software;
3. The developer releases a patch to fix the vulnerabilities;
4. Once you download and install the patch, you are protected from attacks that take advantage of the vulnerabilities.

Not all patches will contain security updates, but many do. This is because attackers are constantly looking for new vulnerabilities in software, and vulnerabilities may not be immediately obvious. While a fix is being worked on for one issue, another one may come to light, leading to a succession of minor security updates.

Most patches will make it clear that there is a security update, and recommend that you install it as soon as possible. Software will usually have a built-in feature that checks for updates, and alerts you if there is one available to download. However, some software may have this functionality turned off by default, requiring you to enter a menu to initiate an update check.

Patching & updating in the workplace

In the workplace, patching is an essential part of ensuring that devices and systems remain secure. Most modern businesses make use of many different types of software in order to complete their daily functions – this could be handling payroll, billing clients, maintaining databases, or creating text documents. The operating system itself (e.g. Windows) is also a piece of software that requires updates, and hardware such as routers will require updating from time to time.

This means that a company’s IT team has many vendors, and consequently a lot of patches to manage at any given time. These will usually be delivered in one of three ways:

• Scheduled Patching – This is where the IT team can schedule the deployment with minimum business impact, either out of hours or at least outside of peak time.
• Automated Patching – This is a regular patch cycle typically associated with an important vendor, which is carried out as soon as possible. Microsoft is a good example of this.
• System Reboot Processes – Some patches will require a reboot of your machine to take effect. This can be time-consuming and, at times, inconvenient, but it is important to remember that doing this will help secure your machine and data.

What happens if I don’t install updates?

There are a number of potential impacts of not patching and updating your devices. The most common is that it provides an opportunity for cyber criminals to infect your machine with malware.

Many problems are solved by patches when only a few attackers are aware of them, and the malware used to exploit them is in its infancy. When more cyber criminals become aware of the issue, they will develop more malware, and increase their efforts to infect people’s devices.

As a result, attackers could:

• Steal your personal and financial details in order to commit fraud.
• Steal sensitive company information, such as intellectual property and customer data.
• Infect your computer with ransomware, extorting you for money in order to regain access to your files.
• Facilitate identity theft in order to apply for bank accounts, passports and other documents in your name.
• Monitor your emails and other communications.
• Infect your computer with Trojans, so that it can be hijacked and used to launch DDoS attacks, or for cryptocurrency mining.

Businesses who suffer attacks as a result of security flaws may also be forced to show they are compliant with data protection regulations if they suffer a data breach. If found to be in breach of these regulations, businesses may not be fully covered by liability insurance, and may be subject to regulatory fines.

Try these 3 easy tips for software safety

• Read reviews before downloading any software, and check that you are downloading it from the software itself or the provider’s official website. Cybercriminals like to distribute phony applications designed to steal your information, so always ensure that it is safe to install.
• Be aware that updating your software is crucial, and not something to be put on the backburner. This will protect you from threats. If an automatic update notification appears, save your work and take the opportunity to get a coffee or stretch your legs while it finishes – or schedule it while you’re on your lunch break.
• Turn on auto-update for software on your devices and computers, when possible. For software that doesn’t update automatically, regularly check for and install available updates – this feature can often be found in the About or Settings menus.

We hope these tips and information have given you the knowledge and confidence to keep your devices updated, and your data safe from harm. For more information about updating your devices or any other security concerns, don’t hesitate to get in touch.