Don’t hate the update – it might just save your bacon!

Updated: May 6, 2021

Software and app updates contain vital security updates to help protect your devices from cyber criminals.

Cyber criminals use weaknesses in software and apps to attack your devices and steal your identity.

Why is this bad for businesses?

Software and app updates are designed to fix these weaknesses and installing them as soon as possible will keep your devices secure.

An example of a cyber-attack that took place as a result of software updates not taking place was the recent Microsoft Exchange email flaw, which the National Cyber Security Centre (NCSC) estimating 7,000 servers had been affected.

What happened?

When the global security issue within Microsoft’s Exchange email system - a platform used by many small organisations, big-name corporations, and public bodies around the world - surfaced last month, the flaw was at first exploited by ransomware groups to gain access sensitive data.

Microsoft put out an announcement advising all users to download the latest updates, which lead to additional criminals also identifying the flaw, with widespread attacks then ensuing. Ransomware causes a total lock-out of a user’s data by encrypting it and rendering a computer system unusable. This is accompanied by a displayed message demanding a fee, with a threat of the data being stolen and/or deleted if there is failure to comply.

The NCSC also reported that such malicious software had been installed on 2,300 machines which they helped businesses remove.

What can I do?

If your business runs as a result of being connected to the internet, you must keep computers, devices, applications and software patched and up to date, and where you can, add the use of two-factor authentication with strong passwords.

Here are some top tips for updating software and installing patch updates:

  • Consider replacing devices that are no longer supported by the manufacturer with newer models. You can look online to check the support expiration date for your current device.

  • Update all apps and your device’s operating software whenever prompted

  • Set all software (including anti-virus) and devices to update automatically

  • Turn on your anti-virus (AV) product and check it’s up to date. It detects and removes any viruses or other malware (malicious software) from your device. Don’t switch it off!

  • Make sure the AV is set to automatically scan all new files such as those downloaded from the internet or stored on a USB stick, external hard drive, SD card or any other form of removable media

  • AV products aren’t necessary for smartphones or tablets, as long as apps are installed from official stores

Think your computer has been infected? Run a full scan using your AV software and follow any recommended instructions.

We hope this demonstrate the importance of adopting these essential habits. They only take a few minutes of your time to action plus, making regular checks will save you from any costly ‘if only I’d done it’ moments. Please drop the SWCRC team a line if you’d like further assistance with patching updates or any other cyber security needs.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South West is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South West provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the South West does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South West is not responsible for the content of external internet sites that link to this site or which are linked from it.