For over 20 years we have been on a never-ending cycle of being told that the software we use has bugs or issues and that they have been fixed in an update or patch. But those updates have had a tendency to break something else, and the whole cycle begins again. In the worst cases a bad operating system update has left users without a working computer, and people have become weary of updates, even to the point of refusing to install them. How many times have you restarted a computer only to realise that there were updates pending, and now you have no idea how long it will be before you can use it again to get on with some work?
We are told that 80% of network breaches could have been avoided if the available software patches had been applied, so why aren’t we applying them? Is it because the software developers live in a bubble, with such high-end, high-spec machines and networks that updates take 10 minutes rather than an hour? Or is it that they do not have anyone to answer to if a system is down due to an update, as their customers are not affected? It would explain why they seem oblivious to our problems with updates. But updates are like taxes: the longer you put them off, the worse things get as it all piles up. If you do not install security patches, you run the risk of potential infections, which are far worse than endlessly being told that an update has been at 100% for the past 15 minutes. If companies like Microsoft addressed some of these annoyances and gave us actual progress feedback, we could get on with something else.
Unfortunately, after 20 years the feedback has got worse, so we need to approach updates with strategies to reduce the inconvenience they cause. Small things help, like leaving your computer logged out rather than shut down at night, or restarting when you leave work. Schedule updates to be applied in the middle of the night, and if you can, invest in a patch management solution. Ultimately, a second device like a tablet or laptop (preferably with a different operating system) allows you to get on with some work while the updates are being applied.