The link to the quiz is at the end of the article

Are you tempted to ignore the pop-up messages about installing software updates on your non-UCSF computer and other devices? This article gives you compelling reasons not to ignore the reminders.

Vendors, like Microsoft and Apple, create software updates (patches) to improve the functionality of their products and to correct known flaws in security. While software updates may seem inconvenient and time consuming, if they are not done in a timely manner, it leaves your computers, tablets, phones, and other personal devices vulnerable to: 

• Cyberattacks that can steal your email and other confidential information
• Malware that can infect your device, as well as serve as the attacker’s entry point to any network you are connected to and the devices of people you share documents or communicate with electronically

In most cases, software updates should be done as soon as possible because criminals try to exploit vulnerabilities before the software updates can fix them. The longer they remain unfixed, the more likely they will be exploited. A good example of what can occur if updates are not done timely is the Equifax data breach that exposed 140 million Social Security numbers, birth dates, and home addresses. A patch had been available two months before the breach, but Equifax failed to update the software. This type of breach has been on the rise ever since, leading to the FBI and CISA making many critical recommendations over the past few years to update software, prioritizing known exploited vulnerabilities.

Your UCSF ITFS-supported computer or laptop is already on a regular patch cycle that automatically updates standard software without you having to do anything except reboot the device when requested.

For applications installed outside of central UCSF IT support, per UC policy IS-3 section 12.6, the Unit (e.g., department) is responsible for the software updates. Installing applications means that the Unit is taking on the responsibility of ensuring those applications are kept up to date, either by completing the updates themselves or by working with UCSF IT to coordinate that effort. Automax, a leader in the cybersecurity industry, estimates that 60% of breaches are associated with unpatched vulnerabilities.

In addition to keeping your UCSF devices patched, here are some things you can do to stay updated on your non-UCSF managed devices:

• Turn on Automatic Updates for all your devices, including routers and broadband modems and do not ignore reminders to update.
• Check to see if there are any available patches that did not automatically update and then install them. 
• Install the UCSF security suite on your computer or laptop.

Please take the Software Update quiz. Everyone who passes is entered in a drawing for one of six $50 Amazon gift cards.

Additional Information (links)

FTC Article: Update your software now

IT Horror Stories: How Unpatched Software Hurts Businesses

Bad Cyber Hygiene: 60 Percent Of Breaches Tied to Unpatched Vulnerabilities

Related Policies, Standards, and Guidance (links)

IS-3 Project - Vulnerability Mgmt & Patch Mgmt (MyAccess authentication required.)

UC BFB-IS-3: Information Security(section 12.6)

UCSF 650-16 Addendum B - UCSF Minimum Security Standards for Electronic Information Resources

UC’s Important Security Controls for Everyone and All Devices (aka UC Minimum Security Standard)

UC Secure Software Configuration Standard

Click here to sign up for the Monthly IT Security Awareness News You Can Use Newsletter