Cyber-Attack Warning: Why you should NEVER skip software updates

Software updates

Have you ever been guilty of snoozing those update notifications that appear on your PC? Unless you’re all set to auto-install, which many users aren’t, there’s every possibility you’ve put off vital updates because those notifications have appeared at an inopportune moment when you’re right in the middle of something urgent. But the truth is, if there’s an update pending, it’s usually of vital importance. There is a reason for it, and it’s not there to be ignored.

What are software and system updates?

Updates perform a variety of tasks. Some are specific to particular software applications, whilst others are for our operating systems. There are updates that sweep up features that are out of date, whilst others install new and improved ones for improved efficiency and added functionality. Some updates put new drivers in place, whilst others fix frustrating bugs. But perhaps the most important updates are the ones that handle security flaws.

What are security flaws?

Security flaws are vulnerabilities in the integrity of an operating system or software application. Hackers know just how to exploit these vulnerabilities. They do this using malware, a type of code that’s installed on your PC when you click on a link or download something.

Once malware has infected your PC, it has the ability to compromise data, take control of your PC or use software differently to how it should be.

A particularly dangerous form of malware is ransomware. Ransomware has the ability to encrypt a victim’s files, rendering data inaccessible. The attacker then demands a ransom from the victim in exchange for restoring the data. Sometimes this ransom can be significant, often millions of pounds. The threat made is that failure to pay will result in systems being deleted and data sold online.

Malware and ransomware most often originate from phishing scams, emails prompting recipients to open an attachment or click on a link. Once downloaded or clicked, the malware is installed, taking over the PC.

Some forms of ransomware are particularly aggressive, infecting computers without the need to deceive users in this way. One such security vulnerability is BlueKeep, discovered in May 2019 to be affecting older versions of Microsoft Windows.

As soon as the BlueKeep threat was uncovered, Microsoft urged in the region of a million users to apply a security update. The warning was reinforced by the UK National Cyber Security Centre and the US National Security Agency. The trouble was that users running Windows 2003 or Windows XP would not have automatically received the updates, as those operating systems were ‘out of support’. We’ll take a look at the risk that poses a bit later on.

Why should I install software updates?

Once an update is released, hackers everywhere become aware there is a security flaw ready to compromise. As fast as software developers are devising methods to stop security attacks, so hackers are finding new routes in.

Your data and files remain at risk unless you have installed the latest updates. Everything you store digitally: images, videos, files and databases may all be potentially exposed to hackers.

Some strains of malware are able to totally wipe documents from a hard drive, or copy them to a remote server. The WannaCry epidemic that hit in 2017 will remain on people’s minds for some time. Huge amounts of personal data and documents were held hostage. In many cases, the compromised systems had not been kept up to date.

Keeping operating systems and software updated is vital if you want to avoid threats like these.

What does ‘out of support’ mean?

Microsoft only provides support for operating systems and software applications for a limited timeframe.

Support for Windows 7 for example came to an end on 14th January 2020. After this date, anyone running this operating system stopped receiving software or security updates, bug fixes or technical support. As a result, users became susceptible to a range of cyber threats, including malware and ransomware.

The recommendation by Microsoft is to upgrade to the latest version of Windows, or subscribe to Extended Security Updates.

In addition, from 13th October 2020, support for Office 2010 will come to an end. After this date, Microsoft will no longer provide technical support, security patches or bug fixes for its Office suite of products, such as Word, Excel and Outlook. This includes security updates that could protect a PC from viruses and malware. Software updates via Microsoft Update will also cease, there will be no more technical support, and most online help content will be retired.

The risk here is that there will be a heightened chance that malicious third parties will have discovered and exploited any security vulnerabilities, especially as more time passes. This could expose your files, users and potentially data to considerable cyber-security risks.

If your business is still using Office 2010 in any capacity, this is the ideal opportunity to switch to Microsoft 365. Not only will you unlock many new features and apps, you’ll also be protecting your business from security vulnerabilities.

Why update legacy systems?

Does your organisation still use legacy infrastructure, perhaps because a move to a modern system would involve a great deal of upheaval and cost?

The downside of using such systems is that, apart from lowered productivity, the exposure to cyber-security risks is worryingly high. Microsoft says that Windows XP for example is six times more likely to be infected with malware than more recent versions of Windows. Certain legacy systems can’t be security patched, or no patches are available at all.

Such risks have the potential for reputational damage, lowered profitability and reduced competitive edge. Legacy systems are also subject to costly maintenance. Upgrading is therefore the wisest option.

Stay up to date, stay safe

The importance of keeping your systems updated with all the latest operational and security patches cannot be stressed enough.

Switching on automatic Windows security updates is the best way to stay safe. Upgrading to the latest versions of an operating system and software will also ensure you have the best possible chance of reducing your business risk.

Ready to make the switch to Microsoft 365, or to move your legacy infrastructure to a modern system? Talk to KP Computer. We’ll assess your individual IT requirements, and then devise a solution that will serve you well into the future, keeping your systems and data as secure as possible.