Practical considerations for small and medium businesses when keeping their software up-to-date to fix security vulnerabilities.

  • Writer: Robert Salier
  • Jan 20

Updated: May 12



In my previous article, I covered why cybersecurity experts and guidance stress the importance of keeping all your devices and IT equipment up-to-date with the latest software.  Every week, and probably every day, new security vulnerabilities are discovered in various hardware, software and operating systems. Just this month (Jan-25) Apple issued 3 fixes (i.e. patches, software updates) to address security vulnerabilities, Google 39 fixes, and Microsoft 52 fixes.  This article follows on by discussing the practical considerations when keeping your devices up-to-date.


Ensuring phones, tablets/iPads, PCs and Macs have the latest software updates


This is generally straightforward for phones, tablets/iPads, PCs and Macs.  All of these devices are configured out-of-the-box to check for and install any software updates.  However, some may not be updating if…


  1. Automatic updates have been disabled for some reason

  2. Automatic updates are enabled, but when the device prompted the user to update, the user did not approve the update to proceed

  3. There is insufficient free space on the device to install the update

  4. The device is no longer supported by the manufacturer

 

Other office equipment can be harder to manage.


Some equipment such as smart TVs and printers may pop up a notification when a software update is available, but require a user to approve the update, or even to install it manually.  People who just want to use the equipment often skip this, so the equipment does not get updated.


Many internet gateways, routers, and Wi-Fi access points cannot be set to automatically check for and install updates, so this needs to be a manual process.


RECOMMENDATION: Ensure that someone in your business and/or your IT Provider is held accountable for knowing when software updates become available, and installing them without delay.

PRIORITY: HIGH.     EFFORT: LOW to MEDIUM.


SECURITY RISK: Older devices!


Manufacturers only support their devices for a few years.  Exactly how long depends on the manufacturer and the type of device, with cheap brands typically offering the shortest support (and often not the most thorough).  Phones and tablets tend to have a significantly shorter support life than macOS on Macs and Microsoft Windows on PCs.


As an example, Samsung currently supports their phones with security updates for five years, and their tablets for four or five years depending on the model.  At the time of writing, anything older than the Samsung Galaxy S11 is no longer supported.  Apple pledges to support iPhones and iPads with security updates for at least five years, although in practice it has been longer.  At the time of writing, anything older than the iPhone 7 and iPad 5 is no longer supported.


Some manufacturers support their devices for only two or three years … keep this in mind when deciding whether to save money on a cheap brand!


RECOMMENDATION: For each device used for work purposes, and office equipment connected to your network, ensure that the manufacturer still supports it with security updates.

PRIORITY: HIGH.     EFFORT: LOW.

 

Finally, an important note on Windows-10…


FUTURE SECURITY RISK: Microsoft to cease support for Windows-10 on 14-Oct-2025

The risk is that criminal hackers will gain access to your sensitive data by exploiting a technical vulnerability in Windows-10 that will never be fixed.


As discussed earlier, hackers (both good and bad) continually uncover vulnerabilities in all operating systems.  The developers of these operating systems continually provide updates (“patches”) for these vulnerabilities, but only for the operating systems that they continue to support.


Once Windows-10 is no longer supported, Microsoft will cease issuing security patches for it.  It is inevitable that, probably within a small number of weeks or months, vulnerabilities will be discovered that will not be patched.  These vulnerabilities can then be exploited by criminal hackers to crack into your organisation.


RECOMMENDATION: Retire any Windows-10 PCs before Oct-2025.

PRIORITY: HIGH.     EFFORT: LOW to MEDIUM.


It may be possible to upgrade some PCs from Windows-10 to Windows-11.  However, any PCs still running Windows-10 are probably quite old and unlikely to have the required hardware specifications for them to be upgradeable to Windows-11.


Summary

Keeping devices up-to-date with the latest patches and software is critical to the security of your IT infrastructure and the sensitive data it holds.  It is one of the highest recommendations in every cybersecurity framework and guideline around the world.  Here in Australia, the Australian Cyber Security Centre designates it as being one of the “Essential Eight”, i.e. one of the eight most important security measures.


Please reach out if you’d like further background, advice, and/or help.  I also offer a comprehensive cybersecurity risk assessment for small and medium businesses, along with advice and recommendations tailored to the nature of your industry, organisation, customers, and the resources you are able to devote to securing your business.

 

