With cybercrime on the rise, maintaining a regular schedule of updates and applying critical out-of-band patches as vulnerabilities are discovered are paramount to maintaining the integrity of security in your organization. Ransomware attacks netted criminals an estimated $5 billion in 2017, using exploits that were originally found by the NSA. As security flaws become increasingly weaponized, performing regular security and platform updates and maintaining regular tested backups are critical steps to ensuring the continued smooth transaction of business operations.
While there is no magic button to press to keep everything secured, the best course of action is knowing the components that require updating and having a plan to make sure updates are applied.
SEE: System Update Policy (Tech Pro Research)
Securing and updating workstations
Keeping Windows updated is something of a Herculean effort. Compared to OS X, where OS and app updates are all handled in the Mac App Store, and Linux, where updates are provided via the package manager for your distribution, Windows requires a lot of additional legwork to make sure every aspect a computer is up to date.
The most efficient way is using Windows Server Update Services (WSUS) to distribute core OS updates. This reduces network load by only downloading updates from Microsoft once and distributing those updates to each system on the network from your local server. For laptops and prebuilt PCs, vendor-supplied software such as HP Support Assistant and Lenovo System Update can be used to automatically check for updates to Intel ME or AMD PSP, system BIOS and firmware, and hardware drivers. Apps installed via the Microsoft Store can be updated through that interface, though most other applications like Firefox and Chrome have their own internal update mechanism that operates when the programs are launched.
SEE: Cybersecurity in an IoT and mobile world (ZDNet/TechRepublic special feature ebook)
Securing and updating mobile devices
For the iPhone and iPad, staying up to date is relatively easy, and the device lifespan of Apple devices is fairly long. iOS 11, released in September 2017, still supports the iPhone 5S and first-generation iPad Air, which were released in September and November 2013, respectively. iOS automatically handles core operating system updates, while the App Store ensures that individual apps are kept up to date.
For Android, staying current is somewhat more complex. Carrier-exclusive or subsidized devices likely require carrier approval for OS updates. On some carriers, like AT&T in the United States or NTT Docomo in Japan, devices are required to update only on the mobile network—preventing updates while roaming or connected to Wi-Fi. For organizations with employees who are frequently traveling internationally for extended assignments, using unlocked phones without this restrictions is highly recommended. Additionally, carriers may hold back updates for any number of reasons, so devices on different carriers may have completely different software versions.
To add to the confusion, not all OEMs handle updates at the same pace. Google’s second-generation Pixel phones are guaranteed three years of platform updates, while the business-focused BlackBerry Priv received only one platform update, and security updates were stopped exactly two years after it was launched. For Sony, LG, Samsung, and Motorola, the frequency of updates and length of support depends on the tier of the phone. Flagship phones tend to receive longer support, with mid-range phones at an almost equal level.
Do you have a process in place to ensure that all software updates are systematically applied in a timely fashion? Share your advice and experiences with fellow TechRepublic members.