You may know of the 2017 Equifax breach (Glossary: data breach). That case study in reckless irresponsibility spilled full names, birth dates, addresses, driver's license numbers, Social Insurance Numbers (Canadians; Source: 1), Social Security Numbers (Americans) and more into the trade in stolen data.
Research by a major software company and a private research group found that 57% of breaches suffered by organizations could have been prevented by security updates (Source: 2).
The negative effects of such a loss can be permanent and persistent, especially if the lost data can't be changed to protect the victims. For example, your address is difficult to change, and a SIN is nearly impossible to change.
The breach happened because Equifax failed to use a software update that had already been available for two whole months (Source: 3).
Software updates matter. Your tools and techniques protect you and the people you interact with.
Understanding the impacts of out-of-date software
Security updates (also called patches) are critically important, for both very large and very small organizations. The Canadian federal government even makes 2-minute videos encouraging employees to stay patched, using metaphors comparing patching software to dressing for rain ☔️
But while governments are attractive targets, small businesses are easy targets.
Software updates are not cheap to create. But they are made because all software is essentially imperfect. By imperfect, I mean:
- Our needs are always changing, so good software is always adapting (ideally) to keep meeting those needs. Software is changed using feature updates.
- Vulnerabilities (Glossary: vulnerability) are discovered in all software, and those are patched using updates. Specifically, security updates.
We can debate whether we want feature updates (maybe we don't want to update because we'll lose a feature we like), but we always want security updates!
Update important tools regularly
We find that reluctance to use software updates is more often down to unwillingness to break features we like, rather than fear of being better defended against myriad cyber issues.
So which are the most important tools to keep updated?
Both your operating system (Glossary: operating system) and your browser are good targets for regular updates, especially as we use many tools through the browser as web apps (Glossary: web app). Our browsers are like supertools! 🦸‍♀️
Remember that you often need to restart both your browser and your operating system for the updates to take effect.
What else? Check out the templated software update checklist in Notion.