Copy
CISO Update #33: February 2021
 
Keep Your Devices Updated

New threats emerge in the world of cybersecurity every day. For example, in early February Google patched a 0-day vulnerability in Chrome. A “0-day” basically means that the bad guys found the vulnerability and used it before the vendor did, and now the vendor is catching up.  The good news is that vendors are being increasingly vigilant about providing updates frequently, to patch holes and vulnerabilities as they are discovered. The bad news is that at least some of these vulnerabilities require each of us to take some action to make sure those updates get applied, and this is as true at home as it is on your FIT devices.

Devices and the applications that run on them each have separate patching schedules, and sometimes in response to 0-day vulnerabilities vendors will release patches off-schedule. So, for example, installing patches for Microsoft Windows onto your computer doesn’t patch the Chrome browser running on that workstation; Chrome has its own update schedule. Most applications and operating systems will patch themselves if you let them, or if you help them just a little by restarting or rebooting. Remember: There may be stories of someone who installed a patch years ago and it broke something, and some of them may even be true. But … that was then and this is now. Patches are much better tested and more modern. Besides, if a patch breaks something, you can usually back it out. If you don’t patch and a bad guy steals your data, there is no recovery.

What can you do?

  1. Set your devices (phones, computers, tablets, etc.) and all the applications on them to auto-update. Most come that way by default. Don’t turn it off.

  2. When you get a notification on your phone or computer that it wants to install an update or patch, allow it. Make sure the patch is actually from the vendor: TechHelp can help you if you’re not sure.

  3. Restart your browser daily to make sure new features and updates are installed, and restart your computer at least weekly for the same reason. You’ll also find your computer will perform better.


There are lots more tips available on the Cybersafe website. Stay aware, and stay cybersafe!
About Cybersafe
The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from Cybersafe@fitnyc.edu for the latest from the Cybersafe campaign at FIT. Read past issues here.