The biggest thing you can do for your security is apply those annoying software updates

Jerry Galvin
Jan 18, 2021

It’s annoying. Your computers and phones are constantly asking you if you’d like to apply the latest security update now… or maybe tonight.

At work, these updates are usually handled for you, but for your personal devices you’re on your own. Don’t give in to the temptation to skip updates because you think your personal devices don’t matter. There’s plenty of important data on them that you care about, like your family photos or that screenplay you’ve been writing for 10 years.

You’re important, just like everyone else

People always tell me, “it doesn’t matter if I apply updates. I’m not important, and I don’t need to live my life in fear because no one cares about me!”

Unless you are an especially interesting target, such as an elected official or a head of a major corporation, you are probably correct about not being important, in the sense that no one is going to specifically target you using a security vulnerability.

That doesn’t mean that your devices aren’t valuable. There’s plenty of money to be made by targeting large groups of people who don’t apply security updates. If I can sell illegal access to a computer for 50 cents, and I have 20,000 compromised computers, that’s worthwhile money to someone, somewhere.

What do the updates fix?

Many of the security updates resolve security problems that could let others take control of your system. You don’t even need to do anything wrong to have your system compromised.

For instance, you could be visiting a plain old news website. Sure, the website itself could be secure, but an attacker could have placed an ad on the site that takes advantage of a security vulnerability in the web browser. This security vulnerability could allow them to put malware on your system, allowing an attacker to connect remotely to your system — without your knowledge.

What could they do with that access? Practically anything. They could get to all personal data stored on the device and extract anything they want. They could also install ransomware, software that encrypts all the files on your computer and keeps them locked unless you pay a fee to the attackers. They could use your computer as a proxy to conduct illegal business. They could also use your computer to attack other computers, which, if combined with thousands of other computers, could be used to attack websites, taking them offline.

Besides the fact that all of these things are legitimately bad by themselves, they could slow down the speed of your internet service or device, too.

Update everything and turn on automatic updates

This problem isn’t just limited to your phone, tablet, or computers. Anything that connects to the internet should be updated on a regular basis: your TV, your routers, your smartwatch, your Blu-ray player, your smart light bulbs, your thermostat, or even your internet-connected refrigerator. By the way, please never buy an internet-connected refrigerator.

Update policies are unclear, especially if you keep the devices for a long time

Many non-phone and non-computer devices, commonly known as the internet of things, have unclear update policies that can put you at risk.

My request to never buy an internet-connected refrigerator is because of the unclear update policy. These refrigerators, which have a giant internet-connected touchscreen, are starting to become more mainstream.

There’s a problem, though, because generally, refrigerators will last a long time, longer than 10 years. Will the device manufacturer actually provide security updates to the software on the touchscreen for 10 or more years? They never say they will in any marketing materials that I’ve seen.

Even Apple iPhones, which have one of the industry’s longest software update periods, usually stop getting updates after 6 years from initial release, and Apple controls 100% of the hardware and software. Many Android tablets, on which these refrigerators are based, stop receiving updates after around 2–3 years, if they even get them for that long. Also, keep in mind, some of the companies making these refrigerators are not technology companies at heart, which means they might think that updates are an extremely low priority.

No updates to the refrigerator mean that attacks become increasingly likely as time goes on and security holes don’t get patched. Just like with your computer, you could be doing day-to-day things on the touchscreen, and then get infected through a single link on the internet. For security purposes, you’d be better off buying a regular refrigerator and super-gluing an iPad to it, because you could at least eventually replace the iPad.

Meanwhile, smart plugs and smart coffee makers might have similar problems. Remember that anything that’s unsecured, even on your local network and even if those devices seem minor, can reduce the overall security of your other devices.

Check for updates on your computers, phones, and internet of things

Many of these devices will update automatically, by themselves, without you having to do anything. However, rather than assuming, you should check that this is the case by going into the settings of each device. In the update settings, it will probably tell you the last time an update was applied.

If you have some internet-connected devices that haven’t been updated within the past year or longer, you might want to replace these devices — or at least disconnect them from the internet, until you can see if updates are available. Many of the devices have intentionally short lifespans so that you have to purchase a new device, and the manufacturer is likely not interested in updating them because of that.

On your computers and phones, do the same thing. If you’ve been putting off those updates for too long, back up your computer and apply the patches now. Applying these patches is a minor, ongoing inconvenience that could save you plenty of time and hassle later.

You’re not paranoid if they are out to get you

So yes, you’re not important individually to attackers. For most people, you won’t be specifically attacked for your data or information. However, the automatic attacks that can exploit a security vulnerability are valuable to attackers because they allow them to do whatever they want with your devices. It is up to you to stop them by simply keeping everything updated, or, if it’s not updated, off the internet.

At this time of great need, please consider giving to your local food bank. In the Chicago area, I recommend the Greater Chicago Food Depository.

Software Update screen on macOS


Jerry Galvin

Jerry Galvin has over 17 years of experience in engineering and cybersecurity operations. He currently is a business information security officer.