This content is viewable by Everyone

News

The Crucial Role of Regular Software Updates in the “Vulnerability Era”

The link to the quiz is at the end of the article.

Do you find yourself dismissing those pesky pop-up messages urging you to install software updates on your personal devices? This article will reveal why it’s crucial to pay attention to these reminders and how doing so can protect your digital life. Don’t underestimate the importance of keeping your devices updated! 

Vendors like Microsoft and Apple create software updates (aka, patches) to improve the functionality of their products, fix bugs, and plug security holes (vulnerabilities). While software updates may seem inconvenient and time-consuming, if they are not installed in a timely manner, they leave your computers, tablets, phones, and other personal devices vulnerable to: 

  • Cyberattacks that can steal confidential information like your emails and contacts 
  • Malware that can infect your device and make your device the attacker’s entry point to any network you are connected to and the devices of people you share documents or communicate with electronically

In most cases, software updates should be installed as soon as possible because criminals try to exploit vulnerabilities before the software updates can fix them. The longer they remain unfixed, the more likely they will be exploited. A good example of what can occur if updates are not done timely is the Equifax data breach that exposed 140 million Social Security numbers, birth dates, and home addresses. A patch had been available two months before the breach, but Equifax failed to update the software in the two months the patch had been available. This type of breach has been on the rise ever since, leading to the FBI and CISA making repeated critical recommendations over the past few years to update software, prioritizing known exploited vulnerabilities. This has become so prevalent that, according to the 2024 Verizon Data Breach Investigations Report, we have entered into a “Vulnerability Era” where exploitation of vulnerabilities has become a prime vector for bad actors.

Your UCSF ITFS-supported desktop or laptop computer is already on a regular patch cycle that automatically updates standard software without you having to do anything except reboot the device when requested.

For applications installed outside of central UCSF IT support, per UC policy IS-3 section 12.6, the Unit (e.g., department) is responsible for the software updates. Installing applications means that the Unit is responsible for ensuring those applications are kept up to date, either by installing updates themselves or by working with UCSF IT to coordinate that effort. In addition to keeping your UCSF devices patched, here are some things you can do to stay updated on your non-UCSF managed devices:

  • Turn on Automatic Updates for all your devices, including routers and broadband modems, and do not ignore reminders to update
  • Check for any available patches that did not automatically update, and then install them
  • Install the UCSF security suite on your computer or laptop

Please take the Software Update quiz. Everyone who passes is entered in a drawing for one of six $50 Amazon gift cards.

Additional Information (links)

FTC Article: Update your software now

TechTarget article: What is patch management? Lifecycle, benefits and best practices

CISA article: Understanding Patches and Software Updates

ninjaOne article: IT Horror Stories: How Unpatched Software Hurts Businesses

Related Policies, Standards, and Guidance (links)

UC BFB-IS-3: Information Security(section 12.6)

UCSF 650-16 Addendum B - UCSF Minimum Security Standards for Electronic Information Resources (section m)

UC’s Important Security Controls for Everyone and All Devices (aka UC Minimum Security Standard – section 9)

UC Secure Software Configuration Standard (sections 4.2.16-4.217)