Cyber Chat – Software Patching

Software updates keep the pain away

My husband is a runner. I am not. Anyone who knows us, knows this well. But, when it’s marathon season, it’s marathon season for our whole family. My husband trains, but my kids and I turn into his personal cheer squad, whether we are along for the run or not.

As my husband started to lace up his shoes for his second World Marathon Major in the past few weeks, I asked him if we needed to tape up anything on his legs. You see, in the racing world, kinesiology tape (also known as K tape) is used by runners to avoid further injury if they have a certain pain or weakness that could get worse with running. You may see black tape crisscrossing down someone’s legs or even their shoulders or arms as running is actually a full-body sport.

Patches are cybersecurity’s K tape

In cybersecurity, our tape is a little different than the flexible tape used by athletes, but it still has a similar purpose. Our tape is known as a patch or even software update. Rather than prevent a pain or weakness from getting worse, patches and software updates are tools used by technologists to protect against known technical vulnerabilities (or weaknesses) within a computer system.

Why are patches important?

Vulnerabilities or bugs in a computer system or software are common. No matter how diligent a software developer is, there is bound to be some type of flaw that is found after the software has been released. You aim for near perfection, but perfection cannot be guaranteed.

Even as a writer, you write an article. You review the article. You have your colleagues read your article. You run it through a grammar tool. Yet, somehow you still manage to say “now” instead of “know” in a sentence and you only catch it after it’s been published. Happen to anyone else? No? Just me?

The fact is we are all human, and while software may not be human, it is still written by humans. And even if something is designed with no flaws or bugs, someone somewhere will figure out a way to use a seemingly innocent feature for nefarious purposes, which will then result in that seemingly innocent feature to need to be redesigned — and a new patch or software update to be released. It’s a vicious cycle.

So, it’s important to know that any software you use can, and likely will, have an update or patch available at some point. And you want to know about any potential vulnerabilities or weaknesses in the programs you use… hopefully before a hacker or other threat actor does. By knowing about them, you can protect your computer from having that vulnerability exploited by applying a fix for it in the form of a patch or software update.

What is a software update? How does it differ from a patch?

Many times, you may hear “software update” and “patch” used interchangeably. Though they’re similar, they’re actually two different things. A patch is a type of software update, but not all software updates are patches. A patch addresses a specific vulnerability in software. A software update may address a vulnerability, but it can also address new features or other fixes. You may also hear software updates referred to as security updates, automatic updates, application updates, patch code, patch updates, bug fix patches, hot patching and so on. 

Why should you update your systems?

If simply knowing that your software has a vulnerability isn’t enough to compel you to regularly update it, consider the following other reasons:

Protect your data

Depending on the software you use, you may be storing your personal information with that software either in the form of a document or just as an input of using it. Without fixing any potential security bugs in the software, that personal information could be available to people you don’t want accessing it.

Protect others

Besides your own data, if you don’t update your software and it becomes infected with malware (malicious software), you could pass that on to others that you regularly communicate with. More often than not, malware infections do not stay contained to the single program that let it in; they spread to the entire device and even through your communications (like emails or text messages), infecting any unsuspecting recipients.

Make your life easier

While patches are designed to fix security vulnerabilities, some software updates may also contain updates that will help make your life easier. Maybe the login process is now streamlined and it’ll be faster to log in. Or maybe the latest update has given you more options for the emoticons at your disposal. You just never know, but accepting your system updates will not only keep you protected, but also more connected.

What can you do to keep your software and devices updated?

As our friends at the National Cybersecurity Alliance remind us this Cybersecurity Awareness Month, one of the easiest ways to keep your information secure is to keep your software and apps updated. And the main ways to do that are:

Update often

When a patch or update is released, it is usually for good reason. And the longer you wait to apply it, the longer your system is at risk. Running your system updates often — think once a week — helps ensure you keep that amount of time your system is exposed to a minimum. When possible, consider using patch management software or at the very least building a patch management process for your company or organization. This helps ensure critical patches and automatic software updates are applied in a timely manner.

Get it from the source

Like most things in cybersecurity, as we — the good team — learn more about these cybersecurity risks and how to protect against them, so do they — the bad team. This means we need to ensure that we only apply patches and updates from the actual company that developed the software we are updating or a reputable partner they have authorized to offer it. Otherwise, you may think you are protecting your system, but are actually making it even more vulnerable.

Make it automatic

While it may sound like a fun idea to set a weekly reminder on your phone to update the apps on your phone, update your computer, and update all the smart devices in your house, it may get to a point where it’s too much. In these cases, make your updates automatic. If given the option on your device, activate the “automatic” update option so the updates are applied as they are available. You may still need to reboot your device, but this is so the update can take effect. When you see one of these reboot messages, don’t delay. Finish any critical tasks you are doing, but then restart. The sooner you restart, the sooner you can ensure you are protected.

I’m sure my husband wishes he could have K tape applied automatically to his legs, so he didn’t have to think about whether he needs it or not. But thankfully the beauty of technology allows us to automate where we can, so we can focus our mental memory on those items we can’t. While it’s likely my husband didn’t quite realize we were having a cyber chat when he was preparing for his marathon, his wife’s automatic updates on her devices allowed her to track him securely throughout his race and show up to cheer him on throughout his route.

Additional resources:

Read the first Cyber Chat post.

Learn how Jurassic World can teach about multi-factor authentication.

Understand how to use strong passwords and keep them secure.

Get weekly blog updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam’s Privacy Policy
Cheers for trusting us with the spot in your mailbox!
Now you’re less likely to miss what’s been brewing in our blog with this weekly digest.
OK
NEW
V11A

Eliminate Data Loss
Eliminate Ransomware

#1 Backup and Recovery