it.ucsf.edu

Keep software updated!

Esther Silver's picture

Are you tempted to ignore the pop-up messages about installing software updates? This article gives you compelling reasons not to ignore the reminders!

Vendors, like Microsoft and Apple, create software updates (patches) to improve the functionality of their products and to correct known flaws in security.  While software updates may seem inconvenient and time consuming, if they are not done in a timely manner, it leaves your computers, tablets, phones and other personal devices vulnerable to: 

  • Cyberattacks that can steal your email and other confidential information
  • Malware that can infect your device, as well as serve as the attacker’s entry point to any network you are connected to and the devices of people you share documents or communicate with electronically

In most cases, software updates should be done as soon as possible because criminals try to exploit vulnerabilities before the software updates can fix them. The longer they remain unfixed, the more likely they will be exploited.  A good example of what can occur if updates are not done timely is the Equifax data breach that exposed 140 million Social Security numbers, birth dates, and home addresses.  A patch had been available two months before the breach, but Equifax failed to update the software.

Your UCSF computer or laptop should already be on a regular patch cycle for standard ITFS-supported software that updates the software automatically without you having to do anything except reboot the device when requested by the system.

For applications installed outside of central IT support, per policy IS-3 section 12.6, the Unit is responsible for the updates.  Installing applications means that the Unit is taking on the responsibility of ensuring those applications are kept up to date, either by updating themselves or working with Enterprise IT to coordinate that effort.

In addition to keeping your UCSF device patched, here are some things you can do to stay updated on your non-UCSF managed devices:

  1. Turn on Automatic Updates on all of your devices and do not ignore reminders to update.
  2. Check to see if there are any available patches that did not automatically update and install them.  
  3. Install the UCSF security suite on your computer or laptop.

Please take the Software Update quiz. Everyone who passes the quiz wins a prize! This month’s prize is an old-school desk clock (while supplies last and then will be replaced by a comparable item) to remind you to update your software in a timely manner.

 

Based on feedback from people who read the IT Security awareness articles and take the quizzes, and our goal to be more green, we are scaling back on individual prizes and increasing the number of grand prizes.  This month, an additional person will be selected for the grand prize: a PacSafe.Com secure backpack. So, now folks are twice as likely to win the grand prize!

Additional Information

UCSF Non-IT Field Services System Patching

ITFS Patching Policy (middle of the Basic Support page - includes list of standard software that is updated by central IT)

FTC Article: Update your software now

Related Policies and Standards

UC BFB-IS-3: Information Security(section 12.6)

UCSF 650-16 Addendum B - UCSF Minimum Security Standards for Electronic Information Resources

UC’s Important Security Controls for Everyone and All Devices (aka UC Minimum Security Standard)

UC Secure Software Configuration Standard

UC Secure Software Development Standard