Cyber Security Awareness Month: Installing Updates to Fix Bugs and Vulnerabilities

Cyber Security Awareness Month was established over 20 years ago to provide resources to help organizations and their employees stay safer and more secure online. This is an opportunity to focus on four key behaviors that will help everyone stay safe throughout the year:

Creating strong passwords and using a password manager
Enable multi-factor authentication
Software updates
Detect and report phishing attempts

Each of these key behaviors is necessary to keep organizations, their customers, and employees safe.

Protect your digital assets by installing updates regularly

Many organizations implement multi-factor authentication to prevent unauthorized access to their networks by requiring long unique passwords and multi-factor authentication. Organizations can add an additional layer of security to further strengthen their information security system: the patch management process. These updates not only install important security patches, but also provide computers and other devices with the latest features. How can organizations ensure their network and devices are protected with the latest patches and updates?

Implement an update protocol. Part of this protocol should be the implementation of an inventory system managed by the IT team to track devices and systems to confirm that updates and patches are applied consistently across the organization. As part of this process, the team first tested each update on a small group of users to confirm that the update did not cause problems with the organization’s network and applications. Once compatibility is confirmed, the update can be rolled out to the entire organization.
Stay tuned for updates. Organizations should be aware of upcoming updates to prepare for implementation. Create an email group to subscribe to automatic notifications from software vendors and schedule regular review sessions to discuss and plan future updates. If the vendor or supplier does not send emails with update details, assign a team member to regularly check their website or speak with the vendor’s account manager.
Install all updates as soon as possible. Security updates and patches are released to address bugs and vulnerabilities in operating systems and devices — any delay in installing updates increases the risk of leaving a vulnerability unpatched. After updates are announced, there is a limited amount of time to act before hackers learn how to exploit security issues and bugs.
Force update for mobile devices that connect to the corporate network or access corporate data. Many organizations allow employees to use their personal mobile devices, also known as Bring Your Own Device (BYOD), to check work email and access data. Using a mobile device management system, organizations can track device software versions to reduce security vulnerabilities. To ensure the security of these devices, organizations should require employees to regularly update all devices with network access. If employees do not install the latest version of the software on their devices, the device management system may revoke their access to the company until the device is updated.
Educate employees about the dangers of delaying or ignoring device updates. Even if an employee’s device does not have direct access to company email and data, a compromised personal device can still pose a risk to the organization. For example, employees may log into corporate email through a web portal on their mobile phones, thus opening the organization to compromise. Train employees to set up automatic updates for their devices and all applications to improve organizational and employee security, especially to travel.

Software errors and vulnerabilities can open an organization to malware and unauthorized network access. Implementing multiple layers of security—creating strong passwords, enabling multifactor authentication, and installing updates—helps protect an organization’s network and its sensitive information.