Are you tempted to ignore the pop-up messages about installing software updates on your non-UCSF computer and other devices? This article gives you compelling reasons not to ignore the reminders.

Vendors, like Microsoft and Apple, create software updates (patches) to improve the functionality of their products and to correct known flaws in security.  While software updates may seem inconvenient and time consuming, if they are not done in a timely manner, it leaves your computers, tablets, phones, and other personal devices vulnerable to: 

• Cyberattacks that can steal your email and other confidential information
• Malware that can infect your device, as well as serve as the attacker’s entry point to any network you are connected to and the devices of people you share documents or communicate with electronically

In most cases, software updates should be done as soon as possible because criminals try to exploit vulnerabilities before the software updates can fix them. The longer they remain unfixed, the more likely they will be exploited.  A good example of what can occur if updates are not done timely is the Equifax data breach that exposed 140 million Social Security numbers, birth dates, and home addresses.  A patch had been available two months before the breach, but Equifax failed to update the software.  This type of breach has been on the rise ever since, leading to the FBI and CISA making many Critical recommendations over the past few years to update software, prioritizing known exploited vulnerabilities.

Your UCSF ITFS-supported computer or laptop should already be on a regular patch cycle for standard software that updates automatically without you having to do anything except reboot the device when requested by the system.

For applications installed outside of central IT support, per UC policy IS-3 section 12.6, the Unit (e.g., department) is responsible for the updates.  Installing applications means that the Unit is taking on the responsibility of ensuring those applications are kept up to date, either by updating themselves or working with central IT to coordinate that effort.

In addition to keeping your UCSF devices patched, here are some things you can do to stay updated on your non-UCSF managed devices:

1. Turn on Automatic Updates on all your devices including routers and modems and do not ignore reminders to update.
2. Check to see if there are any available patches that did not automatically update and install them.  
3. Install the UCSF security suite on your computer or laptop.

Please take the Software Update quiz. Everyone who passes is entered in a drawing for one of six $50 Amazon gift cards.

Additional Information

FTC Article: Update your software now

IT Horror Stories: How Unpatched Software Hurts Businesses

Related Policies, Standards, and Guidance

IS-3 Project - Vulnerability Mgmt & Patch Mgmt (MyAccess authentication required.)

UC BFB-IS-3: Information Security(section 12.6)

UCSF 650-16 Addendum B - UCSF Minimum Security Standards for Electronic Information Resources

UC’s Important Security Controls for Everyone and All Devices (aka UC Minimum Security Standard)

UC Secure Software Configuration Standard

Click here to sign up for the Monthly IT Security Awareness News You Can Use Newsletter