We’ve all been there. We’re working away. We’re in the groove. And all of the sudden, this annoying window pops up asking you to update some piece of software or other. Ugghh! The disruption! Of course, the first inclination is to make this thing go away. But keeping your system software and your applications up to date is really important.
What is a software patch?
A software patch is a piece of software that generally has a couple of purposes.
1 - It fixes stuff. Software is written by humans and sometimes there are problems that need to be fixed later. Or there are loopholes that bad guys can exploit for their nefarious ends. Patches improve compatibility and stability, and help to make sure the bad guys stay away.
2 - Software patches are one way vendors add features to their applications. This is especially true for software purchased as a subscription - Office 365, or Adobe Creative Cloud, for example. It’s a way for the developer to deliver extra functionality without making you wait for the next version.
But everything is running great. Why should I fix what isn’t broken?
We hear this all the time. Your Mac is a dynamic and constantly-changing environment. One that bad guys are always looking for a way into. Bad guys are always keeping track of the latest loopholes, hoping that they won’t be fixed/patched. They prey on this complacency. Very recently, Equifax had a massive data breach. This single security failure exposed the information of 143 million Americans. The intruders exploited a flaw in Equifax’s web application system. This vulnerability was disclosed by the manufacturer back in March, and there were clear and simple instructions for how to remedy the situation. Two months after the problem was disclosed and a fix was released, Equifax was hacked because they had not patched their systems. Equifax’s systems weren’t broken. . .until they were broken.
But I’m just a little guy. No one wants my stuff.
On the contrary! Bad guys love small businesses because they know they generally pay less attention to security and devote fewer resources to it. They know that small businesses often have a hobbyist acting as IT and that they don’t have systems and processes to monitor all systems and make sure they are kept up to date and secure. And they know that most small businesses work with larger companies. So you may not be the target, but you may well have information which helps them exploit some of your larger clients. Indeed, the major security breach at Target in 2013 happened because hackers exploited a small HVAC contractor and stole usernames and passwords that got them access to Target’s network.
So how do we keep the nagging to a minimum?
We understand that you don’t get much done when it seems like you’re constantly nagged about updates. When you partner with an IT support provider, they should bring systems and implement processes to make sure users stay productive AND secure. Our management software does a daily software inventory on each system so we know when an application is in need of updating. Once we’ve tested each update and we're confident it won’t break anything, we add it to our self service application so that our friends (we don't support 'users' anymore) can update their software any time (with a time limit). There are lots of ways to do this and each IT provider should have their own process. And if they don't have a process for this - run away. Because your company's security is too important to be left to chance.