Nate Howe
October 29, 2020
Preventive maintenance is important in many areas of life. Doctors recommend exercise, good diet, proper sleep, and an annual physical exam to ensure that people remain healthy. If you own an automobile, you know that oil changes, tire rotation, and annual inspections are needed to avoid breakdown and expensive repairs. Yet, when it comes to proactively protecting computing devices, people are more willing to skip the single most important task: routinely install software patch updates!
Do you have an Apple or Android device where you installed a software update? Most people have had this experience. You patched your device! Patch updates are not only for security. Sometimes, they improve system performance and offer new features. It makes a lot of sense to get the benefit of the patch updates, plus we can make life harder on cybercriminals.
Let’s talk about what “patching” means. Think about a hole that is leaking – a patch would be used to stop the leak. Our computing devices have holes, too. These holes are vulnerabilities resulting from mistakes that software programmers make. Complex software might contain thousands of vulnerable holes but the products are brought to market, regardless of the presence of vulnerabilities. Manufacturers and software publishers know that the vulnerabilities can be “patched” later on, so they don’t bother to fix every mistake before selling their products to you.
It seems crazy to think people would use a computing device with vulnerabilities, but that happens every day. Fortunately, some of the vulnerabilities never get discovered. But for the ones that do get discovered, patches are made available to “close the holes” and make the software safer. But this depends largely on your willingness to install the patches, rapidly and frequently. The sooner the better, because cybercriminals act quickly to exploit vulnerabilities as they are published. I have often said that I would rather run a fully-patched computer with no antivirus utility, rather than depend on an antivirus utility to protect an unpatched computer.
Some of the largest data breaches in history, including the compromise of Equifax, had failure to install patch updates as a root cause. Lack of proactive security protection is a problem for businesses AND home computing users. According to Verizon, many security incidents resulted from vulnerabilities that were left unpatched for more than 1 year. It is irresponsible to allow a system to remain vulnerable for so long when a free update would have prevented the cybercriminal from gaining access.
Fortunately, you don’t need to be an IT expert or software developer to patch your computing devices. It’s usually easy to do and provides significant benefits for just a few minutes of your time. Occasionally, patch updates can be disruptive, so keep in mind the importance of having data backed up, just in case something goes wrong during patching. Backups are also important for other reasons, in case your device fails, gets stolen, or becomes infected with malware. Many of the following devices are already in our homes and need to receive preventive maintenance with patch updates:
Consider enabling automatic update features where available. Next time you see a message asking you to “update now,” consider making the time. Some devices won’t tell you they need an update, but learn to check their configuration and apply updates if available.
The Information Security Office (ISO) is dedicated to helping you work and study productively while enjoying your computing devices! Contact us anytime with questions.