2. The Sophistication Check - Part II
In the previous check, we checked if your operating system was being updated and patched. Now let's check if individual applications on your computer are up to date. Remember, this drastically increases the sophistication required to hack you and makes you a harder target. Anybody can watch a YouTube video and learn how to exploit known vulnerabilities. In the physical world, not patching your system and applications is the equivalent of leaving your front door unlocked. Don't let this be you.
EXAMPLE: The WannaCry ransomware attack was the result of a known vulnerability in Office that had already been patched by Microsoft months before the outbreak.
The Spot Check (Windows Only):
STEP 1: Go to the Ninite Website
STEP 2: Check the boxes to select the software applications that are on your computer
STEP 3: Download and run your custom updater by clicking the "Get Your Ninite" button
STEP 4: Review your results
PASS: You want all your applications to say "Skipped (up to date)." This means that the application is already updated.
FAIL: Applications with any status but "Skipped (up to date)" are out of date and require an update.
If you fail:
If your operating system is not up to date:
- Have a conversation with your IT person about why your software applications aren't automatically updating.
- Ensure your applications are updating automatically going forward, perhaps by purchasing patch management software. Contact us if you need help as this is included with our service. Alternatively,you can put a manual processes in place to ensure you are updating your apps on a regular basis.
- Contact Ariento or another vendor you trust to get a vulnerability assessment to see where else you may be at risk and to provide you concrete recommendations for improving your security posture.
If you pass:
If you passed the test and were surprised, or didn't know how your apps were being updated, research how your apps have been updating. Put into place a process to audit this going forward, and confirm on a regular basis that updating is occurring.
You may find that you need someone managing this as part of their normal day job. This could be an employee or outside professional.