- July 31, 2018
- Posted by: Kerry Tomlinson, Archer News
- Categories: Archer News, Ask Archer, Cyber Crime, Cyberattack, Data Breach, Financial Sector Security, Mobile Devices, Posts with image, Security Management, Vulnerabilities
What’s the most important thing you can do to protect yourself from bad guys online?
James asked the question during the live Ask Archer show.
“If you could only give one security tip to people, what would it be?”
See answer here:
“Patch,” answered Patrick C. Miller of Archer International.
“Patch as quickly as possible whenever you have an update for your apps, or an update for your operating system, or an update for your watch,” he added. “Get that update applied as quickly as possible.”
A Pew Research Center study released last year says one in ten people don’t ever update the operating system or apps on their phones, and about 40% only update their phones when it is convenient to them.
Reports say the data giant Equifax did not patch its systems for months, leading to a massive breach that exposed the personal information of more than 140 million people.
Equifax apologizes on Twitter for a massive data breach caused by failure to update or patch its systems. Image credit: Equifax/Twitter
Miller explained what happens.
Once a software vendor like Microsoft or Apple knows about a bug or vulnerability in their software, they work on a patch.
They release the patch and the announcement about the vulnerability at the same time.
“By telling the world, they just told the bad guys, too, that there’s a vulnerability in their software,” he said. “The bad guys can usually — based on the information that’s provided with a patch — reverse engineer and figure out how to exploit that vulnerability.”
It used to take days, weeks or even months for the bad guys to write malicious software after a company announced a vulnerability and a patch, Miller said.
“Now, it’s down to minutes, in some cases,” he said. “Now, sometimes the bad guys know about in advance. And then you don’t have any protection.”
You can check your phone in the Settings section to see if you have any updates waiting for you. Image credit: Archer News
By the time a company releases a patch, there could be malware written to attack you within minutes.
“One of the best defenses you could possibly have is just patching as quickly as possible, even if it’s inconvenient and annoying,” he said.
And next in line? Making sure you have your files copied and stored somewhere else, Miller advised.
“If I had a number two, I would say back up, because you can’t prevent everything bad from happening. And if you don’t have a backup, you’re hosed.”
See more Ask Archer questions & answers: