February 21, 2017
The Big Impact of One Little Update
Your operating system, your video player, your email, and even your Candy Crush app: there isn’t a program that doesn’t need an update every few days. With so much to keep up with, it’s very easy to simply ignore the notifications and click the button that says “Schedule Later.” We understand that updating software is annoying, but what happens when you don’t update your software is more than simply bothersome. It can be detrimental for any growing business, nonprofit, or college.
Why You Keep Getting Those Notifications
It’s hard to power on your laptop, connect to the internet, or even turn on your phone without push notifications and pop-ups, accompanied by the little ding of a bell, telling you it’s time to make an update. Some developers roll out updates even quicker than you can get around to installing the last one.
However, when Apple, Microsoft, or Google roll out new updates seemingly every other week, they aren’t intending to annoy you. Their updates aren’t strange marketing ploys forcing you to buy new products. Instead, they are the latest ways to keep your device performance up to par and your data safe. When hackers are scheming for the next big breach, it’s the old software that is most vulnerable. Its security flaws are known, out in the open for any hacker to discover.
This is why software updates are also known as “patches”: they patch up security gaps. Like a patch that seals a hole in a pair of jeans, updates repair the security holes in software. They’re often the strongest protection against common viruses, and also one of the easiest to carry out. All it takes is a click of a button and a few minutes of downtime while you wait for the update to load.
Updates Aren’t Just for Your iPhone…
In the summer of 2016, Apple found that its popular mobile phones had been hacked by an Israeli software group that profited from selling spyware. Emails, text messages, contacts, and more were all put at risk. Passwords and even locations were being recorded. Apple needed a solution—a fast and effective one—that would seal the hole that had put the personal data of millions in danger. The company rolled out a new update for iOS, putting an end to the malicious endeavor by the software company. Months later, the company had to roll out an update to its desktop computers and Safari browser because the very same problem had been discovered again.
But iPhones and MacBooks aren’t the only devices that are in need of updates. As technology advances, computer software is used in everything from our cars to our hospitals. Towards the end of 2016, Tesla found that its cars’ WiFi and driving systems had been hacked into. The hack was so extensive, even the brakes could be activated by an outside party. Tesla released a security update that not only patched the hack, but reinforced that patch, making it extremely hard for future hackers to break into Tesla’s operating system and browser. Tesla isn’t the only car company to find its vehicles hacked. Fiat Chrysler experienced a similar situation and had to recall over one million cars after hackers were able to disable a Jeep from miles away.
Even hospitals have become high-tech hubs for hackers. In 2015, investigators found that drug pumps for patients, which are largely controlled by computers, could be hacked into due to a firmware flaw. Hackers had complete control over the amount of medicine patients could receive. The hack was so alarming that even the FDA got involved and issued an alert regarding the drug pumps.
For some of the above situations and the many more not even mentioned, it was a flaw in the software that led to the security breaches. Hackers found out how to take advantage of the smallest gap with disastrous effects. Notable brand reputations were hurt and millions lost, not to mention the deadly threat these hacks could have posed had they not been caught and immediately “patched.”
These are unique events, but they demonstrate just how dangerous a hack can be. No matter if you own a business, run a nonprofit, or work for admissions at a university, it’s important to make sure that all of your software and devices are up-to-date, from the simplest smartphone to the largest operating system.
Consequences of Being Hacked
When you finally agree to the terms of service and update your software, you may lose a few minutes. However, a lot more is lost when you’re hacked. Privacy, money, time, trust. They can all disappear in only the seconds it takes a professional hacker to find his or her way into your outdated software and devices.
A personal computer or phone being hacked is upsetting and can put the owner out hundreds of dollars, but the impact is far narrower than when a professional organization is hacked. Businesses have employees and customers. Nonprofits have volunteers and partners. Schools have students and alumni. A breach may have only taken one hacker, but it impacts tens of thousands. In the case of a company like Apple or Sony, that number is multiplied, reaching tens of millions.
It’s important to note that no organization is “too small” to be hacked, which is a common misconception held by many business owners and nonprofit leaders. There is no concrete number of employees, clients, or volunteers that defines whether an organization can or cannot be compromised.
For example, last spring one hundred faculty members of Harvey Mudd College (a school that only has a total enrollment of about 800) discovered that their personal payroll data had been accessed by an unauthorized party. The suspected center of this breach? Payroll software. Conversely, Michigan State University (with an enrollment of over 50,000) seemed to breathe a sigh of relief when “just” 449 out of 400,000 student and alumni records in its database were compromised. The immense difference in the size of the schools didn’t matter. They were both equally prone to being hacked. In the end, both schools ended up offering credit monitoring and identity theft protection for free to all those affected, which can be a relatively steep cost.
For a nonprofit especially, no matter the size, a hack can be devastating. With many nonprofits struggling for funds as it is, a hack can take valuable donations away. In 2014, hacks cost nonprofits roughly $145 per compromised record. That number may be more than the average person’s one-time donation. This figure doesn’t include damage that can’t be measured in numbers—damage to a nonprofit’s reputation. People are less likely to donate to causes and organizations that have shown a disregard for their personal security.
Meanwhile, hacks can literally shut a business down, either for a few days or indefinitely. In order to get a firm grasp on the hack and implement newer, safer technology, a business may need to close for several days and regroup. However, even if a business does all it possibly can, some businesses do not recover. In 2016, it was reported that 60% of small businesses that suffered from a security breach and cyber attack went out of business within six months. The steep financial costs and the deep lack of trust such a hack causes make for a devastating pairing.
Ensuring that your software is updated won’t prevent every security threat that comes your way, but it will prevent the most common ones and the serious consequences they have. If you want to know which software is at risk, The Hacker News is a great place to start. It’s updated regularly with news on cyber attacks, new malware, and vulnerable software so that you can stay one step ahead of hackers.
Security audits are also invaluable. These thorough assessments of your technology and hardware analyze how secure they are, whether they comply with current regulations, if everything is up to date, and whether their users are committing to best practices. You don’t need an internal IT team to conduct the audit, either. Tech solutions providers can visit your location and perform the audit. Our own IT services department has performed hundreds of audits for small businesses, area nonprofits, and colleges and universities. To better protect your data, sometimes all it takes is another set of eyes on your technology.
What to Do If You’re Hacked
If your business, nonprofit, or school finds that it’s been a victim of a cyber hack, it’s important to take immediate and effective steps forward that will not only patch the breach, but also mend your reputation:
- Identify the Problem: It’s vital to find out exactly what happened. What was hacked? How was it hacked? Which devices or networks were compromised? Knowing what happened will move you one step closer to finding a solution. You can’t fix anything if you don’t know where to start. Your tech solutions provider may be able to help you diagnose the issue.
- Be Transparent: As you move forward with fixing the problem, whether that involves finding an IT provider to install updated antivirus software or hiring a legal representative for advice, guidance, or any pending litigation, it is important that you remain as transparent as you can with your employees, clients, students, partners—anyone who may have been affected. A cyber attack that could have been prevented may very well cost your organization trust, but communicating regularly and truthfully is the best way to try and save it. (More about transparency’s benefits can be found in last month’s blog post.)
- Rebuild: It is time to put what you learned in the first step to use. Take what you may have done wrong the first time and do it right. Upgrade devices and install antivirus software. With your tech solutions provider, come up with a plan for the future. Perhaps designate certain devices to very specific tasks and software, so that not all software is stored on the same device. That way, if one piece of software is compromised, the hack won’t bring down your entire system or compromise other private data.
If your organization doesn’t have cyber security insurance, all of the above solutions will be costly. It is important that any organization dealing with online activity and the exchange of personal information get cyber security insurance in order to mitigate the costs. While you may think that a hack on the scale of Apple or Sony may never happen to you, as everyone from celebrities to corporations to government agencies will tell you, hacks happen. It is best to be prepared for when they do.
Need an Update? KDG’s IT Services Team Can Help
It’s easy to fall behind on your updates. If you have devices that need an upgrade or software that needs a patch, KDG’s IT support and tech management team can help. They’ve worked with businesses, nonprofits, and colleges around the country, updating software, upgrading devices, and planning stronger, more solid strategies for cyber protection.
If you need a partner who will help your organization devise a “hack-free” solution to your technology, or simply would like another set of eyes on the security measures you may already have in place, the IT services team at KDG can help.