In our industry, and as a provider of email security solutions, we unfortunately see too many business owners who naively believe that they are too small to be hacked, or that their network is of no interest to hackers. They may be aware of the need for a good anti-spam and anti-virus platform, but beyond that, their attention to security risks is often lacking.
One of the areas most often overlooked by business owners and managers is software version control, or more precisely, keeping the software on all their machines updated, whether with a new version or just a patch. Too many people keep older, outdated versions of software for varying reasons: laziness, unawareness of updates, resistance to updating, incompatibility with enterprise solutions, a belief that older versions are more stable, and so forth.
However, the value of regularly updating the software which your company owns cannot be overstated.
Below are 3 reasons why not updating your computer programs is a decision which you may come to regret.
1. One hacked computer can blacklist your IP
If you are like most people, when you think of hackers, you probably picture them rifling through your data, selecting the information they want and doing with it what they please. What too many people don’t realize is that hackers are often not interested in your data, but in your network. That is to say, they may only want to infect your network with malware and/or add it to their botnet (an armada of computers and networks that have been infected with malware and which work to distribute spam). Why, you may ask? Because by adding your network to their botnet, they can use each machine to send up to 25,000 spam emails.
The repercussions of this can be huge, especially for smaller businesses which manage their own email campaigns. If you have just one computer sending spam (even without your knowledge), your IP may be blacklisted, meaning the chance of your marketing emails getting through is severely diminished, which in turn translates into a potential loss of income.
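Whoever administers your email can check for the blacklisting described above directly. The following Python is an added example, not part of the original article: it builds the standard DNS blocklist (DNSBL) lookup name for your public IP and treats an answer in 127.0.0.0/8 as a listing. The zone `dnsbl.example.org`, the function names and the sample addresses are placeholders constructed for illustration.

```python
import ipaddress
import socket

# Assumption: placeholder zone. Substitute the blocklist zones you actually monitor.
DNSBL_ZONES = ["dnsbl.example.org"]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the lookup name: the IPv4 octets reversed, followed by the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    if any(addr in net for net in RFC1918):
        raise ValueError("check the public outbound IP, not an internal LAN address")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_listing(ip, zones=DNSBL_ZONES, resolve=system_resolver):
    """Return {zone: answer} for each zone that currently lists the IP."""
    listed = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # A listing is an answer inside 127.0.0.0/8. No answer means "not listed";
        # any other address (e.g. from a resolver that rewrites failed lookups)
        # is ignored rather than reported as a listing.
        if answer and ipaddress.ip_address(answer) in LISTED_RANGE:
            listed[zone] = answer
    return listed

# Constructed sample data so the example runs offline: one listed address.
SAMPLE_ANSWERS = {"25.113.0.203.dnsbl.example.org": "127.0.0.2"}

def sample_resolver(name):
    return SAMPLE_ANSWERS.get(name)

if __name__ == "__main__":
    for ip in ("203.0.113.25", "198.51.100.7"):
        hits = check_listing(ip, resolve=sample_resolver)
        print(ip, "LISTED on " + ", ".join(hits) if hits else "not listed")
```

Run on a schedule against the address your mail actually leaves from, a new listing is an early sign that a machine on the network is sending spam.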
2. No version release is ever perfect
From the way an end-user uses the product, through to the other programs and device drivers installed on the machine, there are too many different combinations to determine in advance whether the program is susceptible to bugs. Unfortunately, no version is ever perfect. Try as hard as they may, programmers cannot emulate the millions of different permutations which end-users will put a program through. As such, the release version will likely require some ongoing bug fixes.
These will become apparent as consumers of the program use it and report back errors. However, not all consumers and end-users are necessarily ethical. Some users will identify these coding bugs and look for ways to exploit them for their own advantage. These bugs are called Zero Day Vulnerabilities.
For the most part, zero day vulnerabilities remain hidden from the end user, yet these flaws can be very damaging, especially for businesses. Once a zero day vulnerability has been identified, a hacker will look for ways to use the flaw to their own advantage (data theft, botnet activation, malware distribution and so forth). If even one computer in your organisation is affected, then your whole network can be compromised.
It is important to remember that as programming methodologies improve, as other programs are improved and as technology itself improves, current programs will need to be updated to keep pace with the requirements of business and society. Failure to do so may cost your business time or money, or both.
3. Not all software updates are optional
As discussed, programs need to evolve and change. Virus scanners, popular PDF readers, micro-blogging platforms and many other ‘every-day’ applications have made business operations that much simpler. In many cases, these programs become an indispensable part of your business and, as such, are designed to be highly functional and always current. There is a raft of programs that are updated regularly with minor improvements or patches which aim to help you even more. Adobe AIR, TweetDeck, Adobe Reader and Internet browsers are but a handful of examples of software that finds updates automatically and asks you to authorise the installation. More often than not, employees in a small business will authorise these updates.
This process seems innocuous enough, surely? In itself it is, absolutely. However, as per the above point, no version release is ever perfect. In the process of updating their own platform, programmers will seek to ‘optimise’ a program for certain operating environments and will make assumptions to this effect. Whilst older platforms are ‘supported’, because the program is not optimised for them, vulnerabilities begin to exist in your computers and the network. These vulnerabilities can include:
· Slower program speeds due to slight data issues
· Data loss
· System instability
· Zero day vulnerabilities: loopholes or flaws within a program (usually due to coding bugs) which lower the security of the program, allowing hackers to take advantage and potentially bypass system security.
Containing zero day vulnerabilities is difficult. Whilst a platform and program may be safe today, an automatic upgrade to a piece of software that uses the framework of another program may cause these loopholes to come into existence. It is for this reason that it is important that you maintain a regular update cycle for all programs. By regularly updating all programs with the latest versions, or patches which fix existing and known issues, you are minimising the chance that your system’s stability and security will be compromised.
Taking a positive step
There are always pitfalls in adopting new technology and being an early adopter. Whilst the technology may seem stable, there is a chance it will not be. However, a zero day vulnerability or system instability is even more likely if you do not maintain your network. In the same way that you manage and look after the physical hardware in the network, it is imperative that you protect and update the software solutions which are so vital to your business.
If you don’t, well, it may just be your business you are jeopardising.