Everyone hates updates, whether its your mobile phone, laptop or PC. You only ever see they’re available when you’re about to use your machine for something else, so it’s never “the right time”. You hit “cancel” or “remind me again in 7 days” and forget about it.
This means many people will end up leaving it for weeks, months, even years, without updating their operating systems.
Often, one hears statements like “I only use my computer for email and browsing the internet and its fine how it is. So, I don’t really need to update it”. How wrong they are.
While major updates to operating systems do sometimes include new features or improvements that will benefit power-users, their main purpose is to increase stability and patch vulnerabilities in the operating system that could be putting your and your company’s data at risk.
You may have heard of the Equifax breach, where the personal information of 147 million people was leaked as a result of a security vulnerability. This was the largest known data breach in history. Shockingly, the vulnerability that was believed to have caused this had already been addressed in a patch released two months before the breach even occurred! That means the largest data breach in history could have been avoided if all of Equifax’s machines had their operating systems kept up to date.
As Equifax now weighs up the consequences of this breach, a multi-million-dollar settlement with the Federal Trade Commission, an additional $475 million set aside to deal with potential lawsuits from customers and the notable knock to their reputation, it makes the inconvenience of sitting through a software update seem fairly minor by comparison.
On the other side of the Atlantic, several NHS hospitals’ networks (among other large organizations) were crippled by the WannaCry ransomware attack. Almost 20,000 appointments were cancelled, including vital surgeries, and the total cost of the attack is thought to be close to £200million. In the aftermath it was disclosed that machines at some hospitals had not been updated in 17 years.
Both of these incidents show the damage that can be caused by failing to secure your network properly. While updating your OS is only one part of a comprehensive IT security regime, it is a vital one.
It is recommended that if you are an individual user you should set your machine to automatically update, and if you have to wait a few minutes while it updates, then wait!
The problem becomes manifestly more complex for companies and like all problems in business it scales. The larger an organisation is, the more machines are on their network. The more machines on a network, the more potential attack vectors there are. Rather than relying on 10 or 100 or 1000 employees to update their machines correctly, diligently and not to hit “cancel” when they’ve got a deadline to meet, it is far better for them to entrust the management of their machines to a managed service provider.
By handing over the responsibility for their IT to a dedicated IT support provider, organisations can ensure that updates to their operating systems are deployed correctly and consistently across their entire network at the same time.
IT is vital to almost every business, but not every business is an IT business or has IT skills. Relying on staff to update their own machines is a recipe for disaster. Not every company can afford the downtime, reputational damage or hefty fines that a breach results in.
Always remember to update your operating systems, either by yourself or with the help of an IT specialist and remember, if a single machine in your business is vulnerable, then your business is vulnerable.