Even the best technology contains security flaws. Good vendors will fix those flaws when they become aware of them often through software updates.
Those updates help people to stay safe but they also alert cyber criminals who may begin to target the new flaws to compromise anyone who has not installed the fixes.
That puts pressure on the need to quickly install all available updates.
Zero-day attacks are, broadly-speaking, those that target flaws which have no available fix. Their novelty means they garner the most media attention but they are rarely used in most cybercrime.
That’s because most organisations do not apply software updates completely or in a timely manner opening themselves to attacks that target old flaws which are often more easily and reliably targeted. In 2017, the WannaCry attack targeted outdated versions of Windows causing untold widespread financial and reputational damage.
Small business owners should never think they are too insignificant to be attacked. Lots of cybercriminals target small businesses to defraud finance, steal and hold data to ransom, and more.
According to a study from Export Finance Australia, upwards of 43 percent of attacks target small businesses, exploiting the often softer security controls with nearly half (48 percent) of Australian SMEs spending less than $500 annually on cybersecurity (Australian Cyber Security Centre Small Business Survey [PDF, 4MB]).
The easiest way to solve the problem of updates is to set them to be automatically applied. This is available for lots of software and systems from website plugins to routers and CCTV but may need to be manually enabled.
Many types of software and systems companies offer automatic updates.
These include:
This is software that runs business computers or mobile device such as Windows, Mac, iOS, and Android.
These security programs are regularly updated to help protect against the latest malware.
Some applications will automatically install updates while others may flag that an update is available or may require you to manually check for updates. This applies to computers and mobiles.
Platforms used to manage websites including plugins and extensions need updating, along with any plugins and extensions they use.
Hardware and software updates are only supplied for certain time, after which they are regarded as end-of-life and no further security fixes or improvements are issued.
While operating systems like Windows or iOS will warn you if your device is no longer supported, you are unlikely to be informed when most of your devices and software reach their end-of-life date.
In fact, some of your devices may already have reached that point.
They will often run as normal; routers will still ship packets to the internet and back, and apps may continue to work. Worse, a manual check for available software updates may receive a reply that ‘you are on the latest version’, without mention that the latest version was issued years ago and support has expired.
End-of-life devices are likely to be exposed to cyber attacks with risks increasing over time.
This is because flaws in hardware and software are found, reported, and fixed continually. End-of-life means those who continue to run that out-of-date router are permanently exposed to any flaws found in the future.
Search online for the make and model of your devices along with the phrase ‘end of life’ to see if your device is still supported.
Lastly, write the price of upgrading your technology into the cost of doing business. Thousands of Australian small businesses and consumers are right now exposed and are being compromised due to devices running after their end-of-life date.
To help your business be better prepared, here are some best practice tips for managing automatic updates:
Ensure your staff are aware of the need to quickly apply updates and flag any update failures.
Technical teams may need to check update compatibility to ensure they do not cause issues. This is standard in large enterprises with complex and legacy systems. Any issues preventing software updates must be examined to ensure mitigating security procedures are in place and the update is not simply ignored.
By applying updates as fast as possible your business may avoid very large and costly breaches.
Insights and tips for small and medium businesses to boost productivity and empower teams.
Insights to help you review your cyber security strategy and help you protect your business and customers.
