Update Your Software and Apps

You know those update notifications you routinely get on smartphones and computers — the ones that often appear as one of many things to add to your never-ending to-do list? People typically respond in one of two ways: 

• Camp 1: You despise them. In fact, seeing them makes you grumpy, it adds to your stress of things undone and unmanaged, and your mood noticeably improves only when your smartphone or computer is free of these tiny notifications telling you updates are available.
• Camp 2: Tiny notifications telling you updates are available? Whatever. You’ll get to those once you take care of the tiny notification alerting you to your 10,437 unread emails. 

Whether you’re a vigilant resident of Camp 1 or relaxing about in Camp 2, we have a bit of advice: Software updates are vitally important, and they can literally save your digital life. 

We’re talking about the importance of software and app updates during this third week of National Cybersecurity Awareness Month, which may be one of the easiest ways you can help keep yourself safe from the bad, bad actors who are out there trying to steal your information — and keep your customers safe too, if you’re running a small business. 

Below, we’ll discuss: 

1. Why software and app updates are vital to protecting your information
2. The steps you can take to ensure updates are easily, routinely accomplished
3. Red flags to watch for as you consider software updates

Ready to explore the wild world of software updates? Buckle up! 

Why Should I Update My Software & Apps? 

We live in a world where information is available at the click of a button. And one piece of information that threat actors are often looking to exploit: software vulnerabilities. 

Software companies proactively communicate about vulnerabilities they discover for the good of their users — they’re alerting them so that they’re aware of the need to update their systems with supplied patches. 

But guess who else is paying attention to these alerts? Threat actors, who are looking to exploit those vulnerabilities before you even have a chance to fix the problem. 

Enter the urgent need to update your software in a timely manner. 

“As a small business, if you are running in-house software, it is critically important to keep it up to date,” advises Aaron Boigon, Plumas Bank EVP and Chief Information Officer.

“Outdated software is an easy attack vector — keep all apps, software, and operating systems you are running up to date, no matter what type of device you use. I suggest leaving the auto-update feature turned on as this tends to be the easiest way to stay on top of regular updates. Do not forget to consider all computers, laptops, and mobile devices that have access to your data.”

Boigon explains that threat actors see outdated software as an opportunity — an open invitation for them to exploit the vulnerabilities that the software companies are trying to warn customers against. 

“In fact, a lot of the major breaches you hear in the news are multi-stage. If a threat actor manages to gain access to a system, they may get in the door due to phishing, but then they often seek to exploit known vulnerabilities in unpatched systems.”

(PS Phishing is a topic we’ll explore more next week — stay tuned!) 

Do we want to openly invite threat actors into our systems? Of course not. So here’s how to rescind those invitations. 

How Do I Ensure My Software Updates Are Happening?  

Fortunately, software and app updates are sometimes passive — meaning you’ll get a notification that an update is available, and with the click of a dramatic red check mark or similar alert, the software will automatically update. 

“However, small businesses need to have a plan – software patch settings need to be verified and the status of system updates checked periodically,” Boigon notes, adding that there’s a difference between a passive alert and an active command to install the update. 

Keeping your eyes open for notifications — and responding to them in a timely manner — is one step. But in cases where alerts aren’t offered, you need to be a bit more proactive. As the National Cybersecurity Alliance advises: “If you can’t automatically update it, remind yourself to check quarterly if an update is available.”

Turns out, your calendar is your best friend. Just as you change your toothbrush quarterly or the air filters in your home, you should also set a quarterly reminder to check your in-house software websites for any updates they may be offering. 

How Can I Ensure Software Updates Are the Real Deal? 

Unfortunately, just as there are hackers out there trying to exploit vulnerabilities in existing software, there are also cybercriminals out there proactively luring you into actions that will make you susceptible to being scammed. 

The National Cybersecurity Alliance warns that you must be on the lookout for fakes, often in the form of urgent pop-up “warnings” to download software. 

Here’s their advice: 

“Maybe you’ve seen these pop-up windows when visiting a website or opening software that urgently asks you to download something or fill out a form? These are always fake and should not be followed. A browser will only warn you not to move forward or stay on a specific web address because it might not be secured, or it could contain malware.”

When you’re not dealing with those annoying pop-ups — but instead with notifications from the software that you indeed have — simply verify that the updates are coming from trusted websites. 

“Make sure that you only download software updates from those trusted sources,” Boigon recommends, describing these as the website of your software developer or device manufacturer — and not a pop-up window demanding immediate action.

A Final Call-to-Action for Software and App Updates

While ensuring software and apps are updated may seem like a no-brainer for some (this is easy for our Camp 1 residents), it’s common to “dismiss” these reminders, or even push them off until an undefined “later” point in time. 

But the Cybersecurity & Infrastructure Security Agency (CISA) advises: There’s no time like the present. 

“Don't delay — if you see a software update notification, act promptly. Better yet, turn on automatic updates,” advises the CISA’s website, one of the primary resources for National Cybersecurity Awareness Month. 

In addition to enabling multi-factor authentication and using strong passwords, it’s just another way to protect yourself and your customers from untold (and very real) digital dangers. 

Need more tips? 

CYBERSECURITY PRO TIPS