Patching your software is kinda like going to the dentist: you’ll probably be fine if you put it off for a bit, but the longer you wait, the greater the risk that your grin will solely consist of gums. In case you aren’t familiar with it, a patch is an update to a piece of software. These updates often include fixes that might improve the user experience, lead to a new feature or two, squash bugs, or, more importantly, address security flaws. The importance of patching is only magnified when it concerns your business.

Microsoft Office for Mac reminds me on a fairly regular basis that it needs to update its suite due to “critical security” fixes. Most people, myself included, can get annoyed by this constant prompt: it’s distracting and disruptive, requires me to shut down every program in Office (e.g. PowerPoint, Excel, Word), and it seems to happen almost daily. It’s tempting to put off the update for another day or just minimize it and ignore it. Although there’s software (such as security solutions) that can help to protect you, I want to break it down on a more basic level to explain why patching is important.

[Screenshot: Autoupdate for Microsoft Office for Mac 2010]

Let’s address those reasons not to update/patch:

  • The prompts to update are distracting and annoying: Microsoft isn’t pushing those notifications simply to annoy you; it’s doing it because (as you’ll read below) it’s tremendously important.
  • I have to stop what I’m doing and shut everything down: In order for the new software patch to go into effect, the application or machine must be restarted. Microsoft Office needing to shut down completely is the same story as your Apple computer or PS4 needing to restart to install updates.
  • It happens almost daily: This should concern you. It’s not difficult to find news regarding hackers targeting Office users: one zero-day vulnerability (a flaw that the vendor doesn’t know about) was used to install ransomware on users’ machines and charge $810 to unlock them. Bigger companies and popular applications such as the Office 365 suite attract many attacks, which is why the business application behemoth is such a frequent target.

With those points in mind, let’s continue forward and take a look at some common pieces of software that patch themselves and some software that doesn’t. It’s important to think of this article as akin to something you might find on Wikipedia: a place to start your search, but not the place to finish it. There’s plenty of information out there regarding patching, and I’ve put some links at the bottom of the page for further reading.

Software that updates/patches itself

Apple OS X, Windows 10 (albeit awkwardly), Adobe Flash, and many more are all examples of software that periodically checks to see if it’s up-to-date. These are often called ‘autoupdaters’ and are usually somewhat customizable. Most autoupdaters allow you to determine how often the software checks for updates/patches, and whether you give permission for it to update itself. For example, you might choose to have your autoupdater check daily and allow it to install updates when available.

You’ve probably noticed that your Android or iOS device also periodically pushes notifications letting you know that some apps need to be updated. Updating is as easy as tapping the screen, but it’s also a good idea to pay attention to the permissions (especially on Android) that the application needs. For example, your weather app shouldn’t need access to your photos, contacts, or call history. On a business device (more below), it’s even more important that you pay attention to permissions and updates.

The things to keep in mind with software that updates itself are:

  • Schedule the program to check for updates regularly
  • Don’t procrastinate installing the updates
  • Keep an eye on permissions (especially with mobile apps)

Auto update isn’t an option

These days most big software companies should have their programs set to update automatically; the tricky part is that sometimes they don’t. In many cases this has to do with firmware, which refers to read-only permanent software (essentially: not to be messed with) that is made for hardware such as printers, routers, or even memory cards. Unfortunately, there’s not much incentive (in a short-term financial sense) for manufacturers to spend much of their time getting customers to update their firmware. It can be a little tricky, but it’s necessary in order to protect your business. I’ve listed a few common items that would be found in an office, but nearly any smart device is vulnerable and should be patched.

How to update your firmware

Note: Different companies will likely have different ways to update their firmware; the steps below are just to get you started. You should always consult the hardware maker’s website for more info.

Routers – Most routers have the option to check for a firmware update. To use it, you’ll need to log into your router from a laptop or mobile device. Usually this involves typing the router’s IP address into your web browser and then completing a prompt to log in with your router’s administrator credentials.

Printers – Generally speaking, these are going to be trickier than your router because you often don’t have the option to log in and tell the printer to update itself. Instead, you’ll have to go to the manufacturer’s website, select your printer model, and download the patch or driver; you can then usually install the update in at least one of three ways: ethernet, wireless, or USB.

(Smart) TVs – A TV or monitor might not come to mind as something that needs to be patched, but as TVs are growing smarter (e.g. able to connect to networks) they require firmware upgrades just like your router and printer. Like the printer, you’ll have to go to the manufacturer’s website in order to download the file and later install it on the TV. For example, Samsung smart TVs require you to go to their website, download the firmware update, plug the USB device into your TV, and select an option from your Samsung’s menu to begin the update.

A note on mobile

Don’t forget about it! According to Skycure, a mobile security company, three percent of enterprise iOS devices and 5.7 percent of enterprise Android devices are infected with malware. It found that “nearly one in every three enterprise mobile devices are rated medium to high risk of exposing information.” One Android malware maker was reportedly making a cool $500,000 per day. Mix that with the growing number of people using their personal phones as their work phones and people using unsecured third-party marketplaces, and you have a recipe for trouble. Aside from making sure the apps you use are up-to-date, you should also consider device management software for your company, which can help protect important data by separating personal and business data from one another as well as providing an overview of the activity of your company’s mobile devices.

Wait, what about SaaS/cloud apps?

Technically, the autoupdating apps mentioned above are all distributing their updates via the cloud. However, “pure” cloud apps such as Salesforce or MailChimp don’t require you to download any large program to your computer, so the update will be delivered in a manner similar to the autoupdaters mentioned above. This is part of the selling point of cloud software: in the past, “on premise solutions” required you to install and host all the software within your company. It was (and still is) expensive, and instead of updating your software, you bought the next upgrade, usually on an annual basis.

To sum up: SaaS/cloud apps will (for the most part) update themselves, but keep an eye on the update release notes to see what’s changed and been addressed.

Further reading

Hopefully this article has left you with a sense of why you need to make sure you have your software patched. If you have someone dedicated to IT in your company, they should be keeping an eye on this. If you don’t (actually, even if you do!), then take it upon yourself to learn how to update your hardware. It’s not difficult, takes up very little time, and there’s a plethora of information out there to help you through it. I’ve included some more links here for you to check out and find more info on patching:

  • How to Upgrade Your Wireless Router’s Firmware And Why You Should – A fantastic breakdown by Andy O’Donnell, who runs About.com’s net security section, that provides an in-depth look at how to upgrade your router, change the administrator password, and more.
  • What is Malware and How to Protect Against it – A breakdown from Kaspersky Lab that gives a nice overview of malware (with a video included), who is behind it, and some general tips on how to protect yourself and your business against it.
  • IoT Reality: Smart Devices, Dumb Defaults – Security expert Brian Krebs writes about the lack of security in connected devices, using a hackable thermostat as an example. It’s a little bit technical, but every business owner should be aware of this before buying a smart thermostat, smart fridge, or any other “smart” device.