The first time I was told by a computer security guru that I needed to patch my computer, I thought, “Why? Is there something that will leak out?” To put it mildly, at the time I was not very computer savvy. However, in my defense, I wasn’t too far off by asking that question.
A service patch is a piece of computer code that is added to an executable program to fix a bug or vulnerability. Sometimes these bugs aren’t realized until after the program is released. It’s these vulnerabilities that put the unpatched systems at risk. Cyber criminals count on individuals and businesses failure to patch their applications.
According to the online security magazine, ZerodayNet, Java vulnerabilities currently account for over 50 percent of attacks, with Adobe Reader not far behind with 25 percent. The number of attacks with Adobe is expected to drop with the advent of automatic updates in the latest version. Vulnerabilities in Microsoft products continue to be discovered. Cyber criminals know about these vulnerabilities and take advantage of them. While it is not an easy challenge for administrators, making sure current patches are installed is much easier than eradicating malware on your network.
Okay, you say you’re not a techie and you wouldn’t know a patch if it hit you in the head? That’s okay. You don’t need to be a super geek to be able to protect yourself and your network.
There are some things that the basic user can do to ensure an updated machine. A very good practice is configuring automatic updates in Windows to ensure you’re getting periodic updates. Still not satisfied? Good! Now you’re thinking security! So here is good news, Microsoft has a free MS Baseline Security Analyzer to scan and tell you if you’re missing patches. It will also help you download and install those patches. A quick search of the internet can probably tell you if other executable programs have patches available and, like Microsoft, most of them have tools that will help you install, or automate the updates.
The biggest problem of not updating your patches is obviously the security risk. Your systems can become vulnerable to hacking attacks, network breaches, and viruses. Cybercriminals are not just in it to cause you headaches. They’re in it for the money. Recent reports estimated that hackers have taken $12.5 billion in 2011. Citigroup lost 2.7 million in 2012, and Sony was hacked to the whopping tune of $171 million. While the big boys may be able to survive a loss like that, how many small companies can survive the loss of thousands? Even the smallest loss to fledgling companies could be catastrophic.
So, if your company is small and doesn’t have a dedicated IT department, take the time to educate your employees on patch management and set aside some time weekly to update. If your company is big, it still wouldn’t hurt to meet with your IT department and emphasize how important this is. An active interest by management will help make your priorities, your staff’s priorities.