Minimize the risks of an attack: update the software!

Minimize the risks of an attack: update the software!

Upgrade or die! Our business relies on software equipment that we use to: communicate by mail, use video conferencing tools, edit text or multimedia documents, keep accounts, manage client portfolios or payrolls, etc.

Often, during their useful life, they are found to have security flaws, which could expose our confidential information, serve as gateways to malicious software or give access to criminals with unethical intentions.

To fix these bugs, software manufacturers issue security updates that we need to install to patch discovered security bugs. Are you going to make it easy for criminals using outdated or outdated software or are you one of those who updates and installs security patches? Do you have an update policy?

To avoid security problems you should check and be aware of the existence of updates and security patches for our software. It is also advisable to develop procedures to install them safely and in a controlled way, that is, verifying that they do not cause service interruption or loss of functionality.

What do I need to update?

All software may need to be updated for security reasons, this includes the firmware of electronic equipment, operating systems and computer applications and even the anti-malware programs themselves.

It also affects all types of equipment, including network equipment, videoconferencing equipment, printers, mobile phones and IoT devices. Software manufacturers release updates and patches to improve them, add new functionality and fix security flaws.

If we don’t keep our equipment and applications up to date, we expose ourselves to all kinds of risks.

Out-of-date systems can be used by criminals to break into them and leave them inactive, infect them with any kind of malware such as ransomware, take advantage of their processing capacity to create botnets for criminal purposes or mine cryptocurrencies and steal all kinds of data (access credentials, confidential data, etc.).

How do I know when to update?

First, we need to find a way to be aware of the need to update and patch all our software.

To do this, it is useful to have an inventory of installed software and firmware and manufacturers. If errors or security flaws are discovered, we will have to correct them as the manufacturer tells us in order to guarantee their security.

Some operating systems and applications include the function of automatic updates that it is advisable to activate. This way the program itself will warn us each time there is an update and will allow us to install it or not at our discretion.

In the cases of manual update we have to visit the manufacturer’s page and obtain from it the update verifying that the page from which we make the download is reliable. In the cases in which we have subcontracted services to third parties, we will also demand that the software is conveniently updated.

It’s also handy to set up an alert system to collect warnings and notifications about vulnerabilities, updates, and security patches for the software used.

On the other hand, there are diagnostic tools (look them up in the Catalogue) that check whether the software on our equipment is up to date or not.

Once the pending updates have been detected, we can proceed to install them in all the equipment in a centralized way. This can be useful in environments with a lot of equipment where we want the software installed to be homogeneous and especially controlled.

What precautions should I take when updating?

The technical team will determine when to execute updates so as not to interfere with the company’s operations. Prior to installation, we will consider the usefulness of the new enhancements and the severity of the bugs they fix, as well as the necessary hardware/software requirements.

We must also assess the need for a testing environment where to install and test the updates, to verify that its operation is as expected. This step is recommended in updates of critical applications installed in servers (CMS, web servers, mail servers, etc.).

Before accepting the installation of an update, we will verify if it is possible to undo the changes made. This way, if the behaviour of the updated software does not respond to what was expected, we can return to the previous situation. It is always advisable to have recent backups localized and tested to reverse any changes we make.

Finally, we will keep a record of the updates that have been installed on our systems. In this way, we will be able to have at all times an exhaustive knowledge of the operative software in our equipments.

But all software has a life cycle, so when the time comes it can be obsolete and without official support from the manufacturer. At that time is an easy target for cybercriminals (especially if we are connected to the Internet) and we should stop using it.

Erika S. Moore