By Maria Eriksen-Jensen, VP of Business Development and Marketing
This month is Cyber Security Awareness Month, The theme is “Our Shared Responsibility” - because making the internet safer is just that. Using this as a stepping stone I would like to give some attention to the specific area of PC software security, security updates, and the confusion/ misunderstanding I often hear when asking people why it is they don't treat their private PC with the latest security updates. They say:
- “I didn't know it mattered!”
- “It takes too long and I'm busy!”
- “I can't figure out how to do it!”
- “I don't have to, because it makes no difference”
… and to this, I tend to reply:
- Consider yourself enlightened - it does matter!
- No, there are solutions out there to help you. And are you really too busy to make sure you are secure online?
- Do not despair - there is help out there. It is actually fairly straight forward.
- Hmm, please give me a chance to explain (please continue reading) - and what better timing than during Cyber Security Awareness Month.
To try and help people fully understand my four (very direct) replies above - and why it ultimately is a very bad idea to skip the security updates - I think we need to clarify and give answers to the following:
1. Yes, private PC users do need to deal with security updates - which are…?
A security update is in fact a “security patch” that removes a vulnerability that has been identified in a software program. A vulnerability is a flaw in software code, that can be exploited by hackers.
The short answer: If you do not update your software with the latest security update, you cannot be sure that it is secure. Software has vulnerabilities, and these vulnerabilities work as a potential open door to your computer for hackers, who exploit these openings to gain access to your computer and everything on it - including your bank and credit card details, your passwords, and all your social media activity.
As NorSIS also states: ”Software programs that aren't updated are one of the most commonly used methods by criminals to take control of private PCs. It is incredibly important to keep the programs updated.”
Try and have a look at this video to get a very basic explanation of the ‘vulnerability threat' - you want to be like Tim ?
2. No, all your software is not automatically updated
Some software vendors do - for example Microsoft Windows Update. However, for the vast majority of non-Microsoft programs such as Adobe (that you use to read PDFs), QuickTime, and Java (that you might use to run your online bank application) you need to take deliberate actions to ensure that vulnerabilities have been patched and your PC is secure. (*)
3. No, security updates are not about features
Security updates are not about cool new program features. They are about protecting your PC, ensuring that you have the version installed where the identified code flaw has been removed. So you do need to bother.
4. Yes, you and your PC are very interesting targets to hackers
They are not after you personally - they just want your data, your passwords, or your ‘identity'. And sometimes they actually ‘just' want to take control of your PC so that it can be used as a ‘host' and be part of a larger attack (a botnet, for example).
5. No, you are not untouchable
Short version: No one person knows enough about what software vulnerabilities are around at any given time to be able to protect themselves. It only takes one vulnerability in your PDF reader, then you opening an infected PDF attachment - then you've granted access…
(*) If you don't want to spend a lot of time checking for software security updates, you can download Secunia's free Personal Software Inspector (PSI 3.0) - if you want to it can even auto-update for you.
I would love to hear what you think
If you know of other reasons, or feel a need to address other misconceptions/ understandings, please share them here.
VP of Business Development and Marketing