As I started to write this blog, I received one of those pesky pop-ups – a new release of Adobe Acrobat Reader alert. Yes, we all want to blow off those alerts when we are in the middle of something. But that can cause problem with our system later. So I shut down all my open applications and went to the Adobe download site. (Note: it is safer to go to the software site directly for a download, than to click on the alert. In the past, malware has been used to get customers to install fraudulent updates.)
It took less than 10 minutes to install the new patched release. After the installation was complete, I did a restart. If you don’t do a restart, the patched version is not operational. Just 10 minutes or less – treat yourself to a fresh cup of coffee or mediate for an unexpected 10 minutes of calm.
Patches protect systems from many malware applications. While it seems like software manufacturers are constantly expecting users to update their systems, it is because they are working to protect their applications from newly invented malware.
A daunting statistic was released recently about malware expansion. Panda Labs, a cybersecurity company, identified 84 million new malware samples in 2015. That equals 230,000 new malware samples a day. That is more than double what was identified just two years ago.
Opportunities abound for malware to get into small business systems. Industry experts speculate that only 25% of people patch within the first week after a release is announced. Another 25% update within the first month. An estimated 50% update after a month or never. With so many hackers actively looking for easy access to business systems, businesses are providing them with lots of easy targets.
What Businesses Can Do
These three activities business can make patching less burdensome. Have your IT specialist do the following:
- Set up software to automatically update, if automation is available.
- Develop a list of key software and every week have him check the software manufacturer’s website to ensure he has installed the latest version.
- Before buying new devices (printers, tablets, network servers, etc.) or software, talk with the sales person about how patches are handled. Make sure your IT person knows what will be needed and provide him with the appropriate resources to ensure efficient patching. If needed, hire a specialized contractor to develop a custom program to automatically install new releases.
The more you and your staff focus on ensuring your applications are patched quickly, the fewer risks you have of hackers entering your network through unpatched vulnerabilities.
Lopez, M. (2016, January 25). 27% of all recorded malware appeared in 2015. Panda Labs. Retrieved from http://www.pandasecurity.com/mediacenter/press-releases/all-recorded-malware-appeared-in-2015/
For more information on what small businesses can do:
Visit Carolyn’s other blogs at: http://www.nationalcybersecurityinstitute.org/category/small-business/
and consider the NCI Small Business Training options at: http://www.nationalcybersecurityinstitute.org/training/ Hurry! Our next in-person Cybersecurity for Small Business and Non-Profits is March 18, 2016 in Washington DC.