Welcome to my October 2019 refresher series in honor of this year’s National Cyber Security Awareness Month. Last year’s five-part series went over well, so I wanted to revisit what I see as the three most commonly overlooked aspects of cybersecurity from the home and end-user perspectives; 

• Passwords, how we come up with them and how we store them 

• Updates, when to check for them and how to apply them 

• Netiquette, what to do, and what not to do on the open Internet 

This week, I’d like to focus on updates. At the same time, I’d like to paint the term “updates” with a very broad brush. Updates to items like your laptop, tablet, home PC, and especially your cellphone are on the table when discussing this topic. Also up for consideration are updates to hardware, sometimes referred to firmware, operating system and component updates, and updates to software applications. Beyond the scope of this article, though I’m about to mention them, are upgrades. Upgrades are not to be confused with updates; upgrades bring new features to devices, be they hardware, operating system, or software upgrades. Updates are done to maintain system integrity and stability, to mitigate common vulnerabilities and exploits (CVE), and to patch known bugs in existing code. 

 Upgrades tend to increment what are known as major version numbers, such as the upgrade from thee latest version of Windows 7, version 6.1.7601, to the first version of Windows 10, version 10.0.10240. Updates, which we’re tackling today, generally maintain your device at the same hardware, operating system, or software versions as before they’re applied. The most salient example being Microsoft’s Windows 10 Fall 2018 Creator’s Update, version number 10.0.16299, to the most recent Windows 10 May 2019 Update, version 10.0.18362. The major and minor version numbers, 10.0 from these examples, don’t generally change across updates. 

 Knowing now that updates are to maintain that our devices are secure and happily functioning, you may find it strange that most people do not click “Yes” when presented with an update prompt on their phones, laptops, and home computers. In 2012, Skype commissioned a survey that found 40% of consumers in America, Germany and the UK didn’t update their software when they were first prompted. They went farther to try to understand why users didn’t update immediately, acknowledging reasons from misunderstandings as to what updates are, to introducing new bugs, and even worrying about the security of the updates themselves. The standard issues of time, performance and cost benefit analysis were also considered. 

 Since Skype’s survey, it appears that consumer behavior has not improved much. In May 2017, the Internet was hit with a global ransomware attack styled as a virus and referred to as “WannaCry.” Shortly thereafter, another exploit was released upon the Internet that took advantage of the same vulnerability as WannaCry. To researchers’ surprise, both ransomware attacks would have failed if all the infected computers had been up-to-date with Microsoft’s free service known as Windows Updates.  These attacks included home and business end-users in over 150 countries. As an example, the cost to remediate the effects of the WannaCry virus for the United Kingdom’s National Health Services was over one hundred million United States dollars.  

 We hope that in 2019 we aren’t still faced with numbers like 2012’s 40% of users still not updating their devices, but the reality is likely still hovering around that very poorly set bar. For this week’s installment on National Cyber Security Awareness Month, set the bar higher, and update your devices. Do yourself a favor and at a minimum apply security updates to your phone and tablets. Update the applications that keep prompting you from the Google or Apple app store. Though as an IT professional I recommend waiting a few weeks from the time they’re released, click “Yes” on those Windows Updates, and save yourself from the pain of being hacked for simply being out-of-date.