Learning From Equifax's Example: the Risks of Outdated Software

Digital security is one of the most pressing concerns for executives. Companies have access to more customer data than ever before. While that opens the door for customized service and efficient processes, it also carries the responsibility to safeguard that data.

That goes beyond using encryption tools. Some of the most high-profile data breaches have been caused by an easily avoidable problem: out of date software.

A Costly Oversight

Failing to update seems like a slight oversight, but it can be a costly mistake. Performance suffers when software isn’t running the most current version, causing reduced efficiency poor user experience. It’s also important to consider the opportunity cost of not having new features available.

More importantly, though, is the very real security risk posed by outdated software. Vendors maintain their products for a reason: it may contain bugs or vulnerabilities which threaten the security of a company's data. Most of the time vendors manage to close off those weak points before malicious actors find them, but that does no good if companies don’t download their fixes.

Last year’s catastrophic Equifax breach was a result of a known software vulnerability which the vendor had already addressed through an update - an update that was available for two months before the breach. 143 million people’s names, social security numbers, and addresses were exposed, and the company is still paying for cleanup.

The worst part is that the breach was completely avoidable. Updating would have taken a very short time, but it wasn’t seen as a priority until it was too late.

Staying On Top Of Updates

While the consequences of being out of date can be dire, it’s easily avoidable. Just follow these four basic steps to make sure everything is as current as possible.

Set up automatic updates

During initial software setup, choose the automatic update option when it’s offered. Automated maintenance is one of the biggest advantages of third-party software; don’t give that support away.

Even when automatic updates are selected, make a point to check for new updates regularly. Some programs only update at preset intervals. Those may be too long to avoid a risk if the company releases a time-sensitive patch.

Be mindful of web browsers and plug-ins

Outdated web browsers and plug-ins are a common security risk. Plug-ins are a rising trend in Shadow IT. Many employees don’t even regard them as “real software”, and they tend to click past update suggestions when they’re busy.

To see if there’s a potential insecurity, go to “Tools” in the browser’s “Help” menu and look for updates. It’s usually possible to set the browser to find and install updates automatically, but some niche plug-ins will need to be updated manually.

Restart computers daily

The majority of users like to keep their computers on and simply put them to sleep at the end of the workday. Work can then start right away in the morning, with all the tabs and documents from the day before open.

This seems like an efficient work process, but that efficiency comes at the cost of security. Updates need to be installed, requiring a restart for changes to take effect. Emphasize the need to download updates and restart all computers at least once a day.

The increased performance and avoided risk is well worth a few extra minutes to get organized in the morning.

Conduct regular audits

The longer a vulnerability remains in place, the more opportunity there is for disaster. Set up company-wide audits periodically to find out of date software and fix it before disaster strikes.

This doesn’t need to be a lengthy ordeal. Maintain a running list of all software used within the company by department including plug-ins, apps, and anything else that touches the company’s digital assets.

Every month, have managers go down the list and confirm that each is fully up to date, then pass the update on to IT. (As a bonus, keeping this list current informs digital transformation efforts by keeping leaders in the loop about software usage.)

Final Thoughts

Despite the occasional annoyance of an update popping up in the middle of the workday, installing them is free, fast, and easy. It’s also the simplest, most effective step in a corporate digital security plan. Don’t let a momentary inconvenience put the company at risk for a lasting crisis.

Part of good software development is making everything our developers use is up to date to protect our clients’ software. To find out more about our security policies and discuss how we plan to protect your next software project, set up your free consultation today!

Related Articles

A Faster Way Forward Starts Here