Understanding Patches and Software Updates CSAM: Week 4 Information Security Best Practices
October 21, 2022
Update your software!
Bad actors will exploit flaws in the system. Network defenders are working hard to fix them as soon as they can, but their work relies on all of us updating our software with their latest fixes. We recommend the following:
- Update the operating system on your mobile phones, tablets, and laptop
- Update your applications – especially web browsers – on all your devices
- Turn on automatic updates for all devices, applications, and operating systems
What are patches?
Patches are software, and operating system (OS) updates that address security vulnerabilities within a program or product. Software vendors may choose to release updates to fix performance bugs and provide enhanced security features.
How do you find out what software updates you need to install?
When software updates become available, vendors usually put them on their websites for users to download. Install updates as soon as possible to protect your computer, phone, or other digital devices against attackers who want to take advantage of system vulnerabilities. Attackers may target vulnerabilities for months or even years after updates are available.
Some software will automatically check for updates, and many vendors offer users the option to receive updates automatically. If automatic options are available, the Cybersecurity and Infrastructure Security Agency (CISA) recommends that you take advantage of them. If they are not available, periodically check your vendor’s websites for updates.
Make sure that you only download software updates from trusted vendor websites. Do not trust a link in an email message—attackers have used email messages to direct users to websites hosting malicious files disguised as legitimate updates. Users should also be suspicious of email messages that claim to have a software update file attached. These attachments may contain malware (see Using Caution with Email Attachments for more information).
If possible, only apply automatic updates from trusted network locations (e.g., home, work). Avoid updating software (automatically or manually) while connected to untrusted networks (e.g., airports, hotels, coffee shops). If updates must be installed over an untrusted network, use a Virtual Private Network connection to a trusted network and apply updates.
What is the difference between manual and automatic updates?
Users can manually install updates or elect their software programs to update automatically.
- Manual updates require the user or administrator to visit the vendor’s website to download and install software files.
- Automatic updates require the user or the administrator’s consent when installing or configuring the software. Once you consent to automatic updates, software updates are “pushed” (or installed) to your system automatically.
Note: Some applications require older versions of the operating system (OS). If you have a unique application, check with the developer before updating the OS.
Learn more on Chapman University’s Information Security Best Practices page.
Thank you,
Chapman University IS&T
Follow IS&T on Instagram and Twitter: chapmanu_ist
PRIZE ALERT!
For each of the four weeks of Cybersecurity Awareness month, we will be having a weekly “challenge” to earn cool prizes! Anyone who completes the weekly challenge will be entered into the raffle for that week’s prize. To finish with a BANG, at the end of the month, all submissions will be pooled together for a grand prize. To increase your chances of winning the grand prize, complete the challenge for each of the four weeks to earn a total of 4 entries!
Rules:
- The winner of each week’s prize will be randomly selected from all entries for that challenge.
- The winner must be a Chapman staff/faculty/student, and submissions will only be accepted coming from their Chapman email address.
- Winners will be selected and notified in early November. Winners have 1 week to “claim” their prize, or another winner will be selected.
How to win:
Complete this week’s challenge – Cybersecurity Challenge. (Directions below)
We hope to hear from all of you, and good luck!
Week 4 Challenge – Kahoot Trivia – Cybersecurity Awareness
Prize: Fire TV Cube 4K Ultra HD + Infosec Tee Shirt*
Directions:
- Click on the link to start the Kahoot game: Kahoot Link
- Complete the 10 questions from the quiz.
- Email infosec@chapman.edu some confirmation of completion (screenshot, print screen of your score)
- Use the following subject line: “CSAM – Week 4”
*Limited to available sizes. Winner of Kahoot will win a tee shirt. All others, including the winner will be entered into a raffle for the Fire TV Cube