02/01/2018

Cyber Resolution: Patch up Device Defects

Making sure devices are updated is a critical step in securing your privacy

Software patches for computers, smartphone and other devices are similar to fabric patches that repair holes in clothing. Software patches fix defects or vulnerabilities within a program. Making sure these devices are updated is a critical step in keeping consumers secure.

Patches are released in varying formats. Modern operating systems typically check for and install patches automatically, which can be confirmed or changed under the operating system’s security or updates menu. Some smart device manufacturers release patches from their websites and alert users of them via email. If you use an Apple device, patches will come in the form of updates for your apps within the Apple App Store or updates to the iOS under your settings menu.

Today, patches also are released by developers to address security weaknesses in the apps, programs, and services on our digital devices. As the use of internet-connected devices grows, software patches are used to update devices such as speakers, thermostats, and gaming consoles.

It is important to install a patch as soon as it is released to protect devices from cybercriminals. Attackers often keep targeting vulnerabilities in software and systems for months or even years after patches are available in the hopes of exploiting devices that don’t have the necessary updates. 

One example of this targeting was the WannaCry ransomware cyberattack that infected over 200,000 computers worldwide last year. The weakness that the ransomware exploited in Windows computers was well known. In fact, Microsoft had released a patch to fix the known weakness months before. However, many organizations and individuals failed to install the patch, which allowed the WannaCry attack to spread.

To make the patching process as effective as possible, consider the following:

• Enable automatic updating whenever possible. This is the easiest way to ensure that all devices are current.
• Remove programs or apps you no longer use. Even an unused program or app can enable a cybercriminal to attack your device or system.
• Download patches only from trusted sources. Do not trust a link to a patch in an email message.

This article was provided to OSAE by the Ohio Attorney General.