Every month we release two new cyber security awareness training videos. One of our latest videos is a reminder to everyone to keep your software updated. If you’ve ever used a computer you have undoubtedly been prompted to update your software at some point. These little, and sometimes irritating, reminders usually don’t come at a convenient time. After all, we’re using the computer. We decide to do it later and eventually we quit noticing them. And the computer seems to be working fine without the updates. Right?
Well, that’s not really the case. The software might work OK without the update, but unfortunately it could also pose a great threat to your data and be a gateway for hackers to get control over your equipment. Through this gateway they could access and spy on your correspondence, install malware, steal data, spy on you through your own camera, listen to your conversations, hold your work documents for ransom, and the list goes on.
Our video idea
Our new awareness training video draws a parallel between not heeding the weather forecast and not updating software when prompted. A woman is planning a big party outside despite a rainy forecast. We know forecasts aren’t always accurate and we do tend to take chances when it comes to the weather. Sometimes nothing happens but at other times, everything gets ruined. Not updating your software when prompted is, in a similar way, a bet between you and the flaw in your software. Will it be exploited or won’t it? That’s the question.
Why vendors patch software
When software is sold it may still contain several bugs and gateways that the vendor might not have even thought about when creating it. Once the software has been launched these errors, which are usually small, get reported and fixed via patches issued by the vendor. This is when users get a message saying an update is available. The right course of action would of course be to say yes to the update. It’s a simple process that usually doesn’t take too long and it makes the software safer. So why don’t we do it?
Why don’t we update?
Last May (2019) a widely publicized security vulnerability was discovered in WhatsApp. This vulnerability was exploited to inject commercial spyware onto Android and iOS phones with just a phone call. The scary part: those targeted didn’t even need to answer the call for the spyware to be installed. Once installed, the spyware could turn on the phone’s camera and mic, scan emails and messages and collect location data. Not exactly great news for WhatsApp’s 1.5 billion global users. The really scary part: WhatsApp issued a patch to fix the issue and urged users to update. So did several news articles in the world’s biggest media outlets. A week after the update was made available only around 50% of users had downloaded the upgrade. One enterprise alone still had 5,000 vulnerable devices.
Studies have shown that humans don’t always see the connection between risky behavior and its possible consequences. That’s probably why we’ve still got people who start smoking. The danger is so far off in the distance that it becomes a foreign concept. Something that simply does not happen, at least not to us. When, or if, it finally happens we tend to be surprised and don’t even realize that it was our risky behavior, in this case our failure to update, that created the problem.
Make updating the software a part of your company’s culture
All companies and institutions tend to handle sensitive or private information. If not their clients’ then at least their staff’s. They handle payments to vendors, payments from customers, payments to employees and often industrial secrets of one kind or another. Every bit of this is valuable to hackers and when it gets into their hands it’s a recipe for disaster.
All companies should have an update policy in place. It could be as simple as “Just do it when prompted”. Nobody is too busy to update their computer. Everyone is too busy to lose their information and hard work and have to start all over again. And it’s not just valuable time that’s at stake, it’s also money and reputation. Losing money and reputation is bad for any business, that much we know.
Take your security awareness to the next level and try out AwareGO’s security awareness training videos and software.