Ever wonder how all the big tech companies manage to anticipate all the different ways their products could be hacked? The truth is they can’t. Not 100% of the time. Which is why security researchers are always announcing new vulnerabilities, leaving businesses scrambling to patch them.
Once they’re available, the next bit is to get them on your machine. So how does that work?
Big wigs and high rollers can have whole IT departments running this – often reporting to a Chief Technology Wonk who coordinates the whole shebang with the other higher-ups.
But in the home office? You’ve neither these resources nor this leadership in charge of it for you. You might have an IT tech lined up – but it’s likely still on you to call them in. Your saving grace is that your situation is way less hardcore.
Enterprise IT involves client/server networks with sprawling IP addressing schemes, custom software and one-of-a-kind hardware configurations, and documentation approaches that veer all the way from arcane runes written on vellum through to oral traditions handed down from shaman to shaman.
And more often than many people want to talk about, there’s a slapdash shell script written in a rush by a hateful alcoholic having a bad day in 1993 that now holds up an entire department.
You update on this with no testing or planning? Maybe it’s no problem, and maybe something holding the whole thing together disappears and it’s all cactus.
It’s a delicate and fiddly task. One wrong click can be a disaster; even getting it perfect can be a pain in the proverbial.
As a freelancer, you likely just need to browse the web, handle email, write documents, back things up to the cloud, do the books, that sort of thing – hopefully without the inconvenience of hacking, scams or malware. It’s all stuff that Silicon Valley’s had in their crystal ball for yonks.
Still, you gotta actually do it.
How updates make a big difference
Ok. Let’s get down to brass tacks.
There are two kinds of security vulnerabilities out there: known and unknown. The unknown vulnerabilities are usually the most effective – because nobody has had a chance to defend against them yet.
But finding them is really hard. You have to trawl endlessly through code and notes and weird hunches for a thing that the entire rest of humanity has missed and that you can’t be sure is even there until you find it. It’s galaxy brain stuff.
On the other hand, it’s easy to let someone else do all this work. And let’s be clear, very few out there are genius supervillains – they’re generally just creeps looking for an easy way to avoid honest work.
If you’re not applying security updates, you run so much more risk.
Why you need to keep Windows up to date
Did you know the two most damaging ransomware attacks of all time each targeted a vulnerability in Windows that Microsoft had already fixed?
These billion dollar disasters happened because so many users just hadn’t applied the patch.
How do you avoid being caught up in that?
Does Your Version of Windows Still Receive Security Updates?
Microsoft has stopped releasing security updates for operating systems older than Windows 7.
This means if you’re using Windows Vista, XP, ME, 98 or 95 anywhere in your office, that computer is wide open to hackers and ought to be upgraded as a matter of urgency.
Windows 7 is on the way out too. Security patches stop in January 2020; that’s not all that long away.
Updating Windows 10
Look, I’m not going to make excuses for what a horrible user experience you get from the current round of Windows updates. They’re especially obnoxious in home environments, where no IT team patrols the perimeter between you and Microsoft to dive and take the bullet.
They arrive out of nowhere to totally take over your machine with all the politeness and none of the excitement of a bank robbery, so very often at the worst possible time.
But here’s the thing – these updates also protect you against the bad guys.
Even if you disable feature updates, make sure you’re applying security patches.
What if You Don’t Use Windows?
Mac OS is mostly a nicer experience with updates – it feels less like a bank robbery, anyway. You can apply them manually or automatically, and they’re never forced.
Where Apple arses you about most majestically is by not telling you how long they intend to support each version – or even letting you know when support is dropped. They’ll just quietly stop releasing patches.
Linux, overall, has the nicest user experience of all with updates. They’re super quick, you can even get on with other things while they’re running, and you usually don’t even have to reboot. It’s also entirely up to you when they run. That last bit, though, is a double-edged sword because it leaves it completely on you to do it.
Different Linux distributions will be supported for different lengths of time. Obscure hobby projects are occasionally abandoned just out of nowhere because something happened in the maintainer’s life. Mainstream distributions publish schedules that are quite reliable.
Software Besides Your Operating System
Many attacks exploit vulnerabilities in the web browser to gain access to the operating system or to install malware. Most popular web browsers can be set to apply updates automatically. This is a very good idea.
Antivirus and malware removal tools should also be kept updated against the latest attacks.
Now here’s a doozy. I’m not sure many people outside of IT have even heard of firmware, let alone know to update it. As an industry we’ve just done a terrible job of communicating this.
Firmware is the low level software that runs embedded devices like your router and wireless access points. You don’t want these compromised – they sit between you and the whole internet.
If you’ve got a wireless router that’s more than a couple of years old, and you’ve never touched the firmware, there’s a big vulnerability there leaving you wide open.
You can find the instructions for updating a device’s firmware in the manual. If you’ve lost the copy that came in the box (who hasn’t?) then just Google it. As a rough rule, check for any patches when daylight saving changes.
Updating Your Website
If you don’t update your website, it’s just a matter of time before it gets hacked. Keep your content management system, themes and plugins up to date.
Now is also a really good time to add SSL encryption to your website if you don’t have it already. With an unencrypted website, every time you log in to the dashboard, your username and password are transmitted across the internet in plain text where anyone who intercepts the traffic can just read what you’ve typed.
Migrating a website to SSL used to be a difficult and expensive process. Services like Let’s Encrypt now offer SSL certificates for free, and in a way that makes things easy for you or your tech to implement.
Updating Your Passwords
While we’re talking updates, how long has it been since you changed your passwords?
Because encryption algorithms change to keep up with processing power, passwords found in older databases are that much more vulnerable to password cracking techniques.
On top of that, not many of us were really all that on top of our game five years ago when it came to what a strong password even looks like.
Dealing with updates is boring and it’s a chore – but it’s way less of a pain than losing your work or getting scammed. Get this out of the way so you can get on with the stuff that actually makes you money.