Wednesday, 16 October 2019

Why Are Software Updates (or Patches) So Important?


Software updating (or patching) is familiar to us all. We update the apps on our mobile phones with some regularity, and the same should apply to every software application on every device we use.

Unfortunately, we find that many businesses are still using out-of-date or older versions of the software they use daily.

It’s important to keep our software and operating systems up to date. This isn’t just so we can access and use all the new features available but, perhaps more importantly, in order to ensure that cyber criminals can’t exploit vulnerabilities within the software.

New vulnerabilities are uncovered in technology all the time. In response, technology vendors race to produce patches or updates to their software and get them to market so that those vulnerabilities can be closed.

The danger comes if you don’t keep patches up to date, because those vulnerabilities remain. Worse, because they are known, the risk of them being exploited by cyber criminals or hackers increases.

What should you do to implement best patching practice?

Maintaining a good and comprehensive approach to patching is important.

Cyber criminals use weaknesses in software and apps to attack your devices and steal your data and, potentially, your identity. Software and app updates are designed to fix these weaknesses and installing them as soon as possible will keep your devices secure.

Sometimes an update can cause unintended issues elsewhere, as has been witnessed with Microsoft and other updates in the past few years. Ideally, you should test patches before rolling them out, but often there is a balance to be struck between rapidly updating and cautiously testing software updates.

Update to the latest versions as early as you can; the commonly recommended timescale is within 14 days. If you’re a business and know software is due to be retired, start preparing for migration as early as you can.

There are often unforeseen implications for any upgrade or migration – and you don’t want to be left using a piece of software that is no longer being updated and is, therefore, left unprotected and vulnerable to malicious exploits. Software that is no longer supported by the vendor is a prime target for criminals.

We also recommend enabling automatic updates for software wherever possible. Using a patch management tool or service can also help to ensure that this continuous process is carried out quickly and easily rather than slipping down the list of priorities. This is good practice for all the apps and software you have installed on all of your devices.

If you are a business and outsource your IT, your provider should be managing the most commonly used software updates for you, but you need to be sure this is being carried out and have evidence that regular updates are being applied. Other software vendors specific to you should be helping you to patch or update their applications regularly too.

In summary, we can’t stress enough the importance of updating because, as the NCSC points out, “whilst patching alone won’t magically make you secure, failing to do so is the best way to undermine an otherwise secure design.”

 

Whether you patch your own software or outsource it, please contact us for more information.

Patching is one of the five areas covered by the Government’s Cyber Essentials scheme. We can assist your business with this certification however your IT is supported.