It is time for an update already! Don’t let vulnerabilities from previous years come back to haunt you and your small business. A joint cybersecurity advisory from multiple government agencies including CISA, the NSA, and the FBI from the United States, concluded that the most exploited vulnerabilities in 2022 were exploits identified in years prior that were never patched or updated. Other agencies included in this report are from Canada, the U.K., Australia, and New Zealand.

What this means

The “tl;dr” version of this Security Byte says to update your devices regularly and on a set schedule. The “I need to provide more information besides just that” says updates play a critical role in protecting your small business from falling victim to a cyberattack. The proof is in the evidence provided by the joint cybersecurity advisory. This advisory does not come as a surprise as updates are oftentimes neglected by both the end user and the device and software organization.

Why are updates not updated

There can be several reasons for this, let’s first look why a device or software organization may skip updates.

  • Updates cost money and time
  • The device or software may no longer be supported
  • Lack knowledge or means required to create the update
  • May not care to make an update
  • Organization may no longer be operational

Now let’s look at the reasons why your small business may not update your devices or software.

  • Unaware updates are available
  • Not sure how to apply or how often to update
  • Misconceptions about updates
  • Little time to focus on IT and updates

Some best practices

Whenever possible turn on automatic updates. This allows for our devices and software to regularly check for new updates and to install them. You can typically configure these to install during off hours and so any reboot of the device occurs when you are not using it. This means you will almost always have the latest updates protecting your small business. For devices or software without automatic update features make it a business process to regularly check for updates on a set schedule and do not deviate from it. Make it become a habit.

For most of us, automatic updates are fine, but there are some devices that require testing prior to updating. This is important for devices in medical facilities, as a new update may “break” the device. This could also be the case in manufacturing, the small business may have a piece of equipment fine-tuned and the update may take the device offline. It is important to identify all of your devices and identify which devices will be sensitive to updates and to thoroughly test the updates in a safe and controlled manner. So it is time for an update!

For more information on small business cybersecurity resources, check out Small Business, Big Threat!