Are you tempted to ignore the pop-up messages about installing software updates on your non-UCSF computer and other devices? This article gives you compelling reasons not to ignore the reminders!

Vendors, like Microsoft and Apple, create software updates (patches) to improve the functionality of their products and to correct known flaws in security.  While software updates may seem inconvenient and time consuming, if they are not done in a timely manner, it leaves your computers, tablets, phones and other personal devices vulnerable to: 

• Cyberattacks that can steal your email and other confidential information
• Malware that can infect your device, as well as serve as the attacker’s entry point to any network you are connected to and the devices of people you share documents or communicate with electronically

In most cases, software updates should be done as soon as possible because criminals try to exploit vulnerabilities before the software updates can fix them. The longer they remain unfixed, the more likely they will be exploited.  A good example of what can occur if updates are not done timely is the Equifax data breach that exposed 140 million Social Security numbers, birth dates, and home addresses.  A patch had been available two months before the breach, but Equifax failed to update the software.

Your UCSF computer or laptop should already be on a regular patch cycle for standard ITFS-supported software that updates the software automatically without you having to do anything except reboot the device when requested by the system.

For applications installed outside of central IT support, per policy IS-3 section 12.6, the Unit is responsible for the updates.  Installing applications means that the Unit is taking on the responsibility of ensuring those applications are kept up to date, either by updating themselves or working with Enterprise IT to coordinate that effort.

In addition to keeping your UCSF device patched, here are some things you can do to stay updated on your non-UCSF managed devices:

1. Turn on Automatic Updates on all of your devices including routers and modems and do not ignore reminders to update.
2. Check to see if there are any available patches that did not automatically update and install them.  
3. Install the UCSF security suite on your computer or laptop.

Please take the Software Update quiz. Everyone who passes is entered in a drawing for one of six $50 Amazon gift cards.

Additional Information

FTC Article: Update your software now

Related Policies and Standards

UC BFB-IS-3: Information Security(section 12.6)

UC’s Important Security Controls for Everyone and All Devices (aka UC Minimum Security Standard)

UC Secure Software Configuration Standard

UC Secure Software Development Standard