“Why do I always have to update my software?”
“What is a patch update and why is it so important?”
As an MSP, you know that it is hard enough to emphasize to every one of your clients and their employees the importance of strong security. You also know that keeping track of what they are using in regard to software and hardware is difficult, and even more so with almost everyone working remotely as of today. Having software updates deployed automatically – and not deferred – is something that you’re likely already doing, but if employees are responsible for performing those updates on their own, for example, if they’re using a personal device for work, are you confident they’re doing so? As we know, new threats pop up every day, and there is no room for lax cybersecurity measures.
“I keep rescheduling the update, I don’t have time to wait while it installs and reboots.”
Take for example the recent discovery by CyberArk on the Microsoft Teams application. Here we have a widely use platform from a software giant, and it was discovered to be susceptible to hackers via GIFs. The GIF function contained a security issue that would allow hackers to exploit its functionality and compromise a subdomain which would poison the GIF and allow access to a user’s account and data. This wasn’t complicated, in fact, all a user had to do was view the GIF and they could have been an unsuspecting victim. No clicking, no responding, just viewing.
After being notified by CyberArk on March 23, 2020, Microsoft quickly remedied the issue with a patch update. Had a user not known about this, a very likely scenario, they would not have known to be mindful and could possibly have been hacked.
“I don’t need the new version”
This is a perfect example of showing how everyone is susceptible when it comes to possible hacking, including the giants of any industry. And more importantly, users need to understand that when a patch is issued, it doesn’t always just mean a feature enhancement, but can likely include fixes to address bugs and security flaws.
With the ways that we engage changing daily, these types of communication platforms will likely become a regular target. Now more than ever, we need to explain the importance of staying diligent and aware of cybersecurity.