Sometimes it seems like your computer decides to install updates at the worst possible time. You’ve got a potential new client about to join your Zoom call and suddenly “Your computer must restart to finish installing updates”. Noooooooo!!!
If it’s not the timing of the updates, sometimes it’s what the updates do to your computer! All of a sudden, features you use every day have changed places, or even worse, are no longer present! Talk about a frustrating waste of time!
The most infuriating part of this whole update treadmill is that for most users, the updates seem pointless. Your computer was working just fine before, so why do you need to install all these updates on a constant basis?! It feels like a whole lot of risk for very little reward!
In reality, there’s a whole lot more to it that you may not be aware of. Updates are definitely not pointless, and the risk you expose yourself to by not installing them on a regular basis far outweighs the inconvenience they can sometimes impose. In this article I’ll try to explain some of the reasons why you should not only reconsider your opinion of software updates but become a proponent of constantly making sure your systems are always up to date.
As usual, I’d like to explain this with a story. Like many of the other stories I have told here, this is based on actual companies we’ve dealt with over the years, but of course, the names have been changed to protect the innocent.
Meet George, the president of a local clothing distribution company. George’s business is not super hi-tech, but he does have a fairly impressive IT infrastructure nonetheless. All of his company’s servers are on premises and every employee has a computer to assist them with their day-to-day operations. His employees regularly deal with overseas manufacturing and distribution companies, and his design team uses fairly high-end workstations to produce top-quality content for their upcoming product lines.
Unfortunately, George has very little patience for IT issues and expects things to always work exactly how they always have. Due to this, he always rejected any plans to adopt a regular patching schedule for his IT infrastructure. “If it ain’t broke, don’t fix it!”
There are constantly new projects and new releases occurring in his business. So much so, that he can’t afford the downtime required for patching his servers, nor can he afford the potential for his employees to be interrupted by “unnecessary” Windows update installations and reboots. As a result, every single system has been configured to never force the installation of any updates, leaving everything up to the individual users to install when they feel like it.
Although this approach seemed to work surprisingly well for many years, everything came to a screeching halt one Tuesday morning. All of a sudden, none of the design team were able to open any files on the server. Every single file they attempted to open seemed to be corrupt. How could that happen? A few moments later, the accounting department also had a problem. One by one, users started reporting an ominous message stating that their personal files had been encrypted and that in order to decrypt them they would need to pay 3 bitcoins (the equivalent of about $45,000 back then). Department by department, people were losing access to their files or to the computers entirely. Panic was starting to set in. No one had any idea what was going on or what to do about it. The only thing that was abundantly clear at this point was that they had been hacked and there was now a huge mess to clean up.
George’s in-house IT team was in way over their heads. They spent almost 24 hours scrambling, but ultimately did not make much progress. That’s when they finally decided to reach out to us for help.
We were able to quickly assess the situation and block the attacker’s access to George’s systems. Recovery meant restoring from backups, which thankfully were reasonably well maintained and up to date. Nonetheless, it took almost 2 days to recover enough of their systems so that most of the staff could begin working again, and unfortunately at this point irreparable damage to the business had been done. Deadlines had been missed, orders cancelled, reputations tarnished.
So how did this even happen?
Simply put, there was a security vulnerability in the ERP software they used to run the business. Because their ERP system was available over the internet so that their overseas partners could access orders and inventory information, it was an exceptionally big target. Once the hackers set their sights on this system, they were able to exploit the vulnerability and gain full access to that server itself. From there the hackers used their access to the network to push out malicious software to every computer on the network at the same time: software that would encrypt their data and lock them out of their systems entirely. Because most of their systems were so out of date, just about every single system was vulnerable to this malware and not a single alarm bell went off before the damage was done.
To add insult to injury, the exploited vulnerability was well known to both the ERP software vendor and Microsoft themselves, and both had released updates to address the problem months ago!
Once the dust had settled and George’s business was operating again, we had a long chat about what happened and how it could have been avoided. Needless to say, once George understood what was at risk by leaving his systems mostly unpatched, his stance on patching changed dramatically. The occasional interruption to reboot every once in a while was now seen as an incredibly small price to pay in order to keep this kind of event from reoccurring.
Shortly after that, George signed up for our MSP services and among other things, we reconfigured all his systems with our standard automatic patching policy.
All updates (except for drivers, hotfixes and OS version upgrades) are automatically approved for installation 15 days after the vendor releases them. For Microsoft, that means once per month, but for other software vendors the schedule varies.
- Servers – All approved patches get installed automatically once a month, on a day and time that is least disruptive for the business. Usually this ends up being Sunday mornings from 2AM to 6AM.
- Workstations and Laptops – All approved patches get installed every single day, starting at 6PM until 6AM the following morning, with an additional 1 hour installation window every day at lunchtime. Additionally, on Friday, Saturday and Sunday we allow systems to install patches all day long.
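The policy above can be written down as a small decision function, which is a handy way to check that the windows behave as intended (especially the overnight window that wraps past midnight). This is an added example, not the configuration of any particular patching tool. The function names, the category labels, the 12:00 to 13:00 lunch hour and the choice of the first Sunday of the month for servers are assumptions; the article does not specify them.

```python
from datetime import datetime, time, timedelta

APPROVAL_DELAY = timedelta(days=15)               # from the policy above
EXCLUDED = {"driver", "hotfix", "os_upgrade"}     # category labels are assumptions
LUNCH = (time(12, 0), time(13, 0))                # assumption: article gives no hour
SERVER_SUNDAY = 1                                 # assumption: first Sunday of the month


def is_approved(category: str, released: datetime, now: datetime) -> bool:
    """Auto-approve 15 days after vendor release, unless the category is excluded."""
    return category not in EXCLUDED and now - released >= APPROVAL_DELAY


def in_window(device: str, now: datetime) -> bool:
    """Is `now` inside the install window for this device class?"""
    t, weekday = now.time(), now.weekday()        # Monday=0 ... Sunday=6
    if device == "server":
        nth_in_month = (now.day - 1) // 7 + 1     # 1 for days 1-7, 2 for 8-14, ...
        return (weekday == 6 and nth_in_month == SERVER_SUNDAY
                and time(2) <= t < time(6))       # Sunday 2AM-6AM
    if device == "workstation":
        if weekday >= 4:                          # Friday, Saturday, Sunday: all day
            return True
        if t >= time(18) or t < time(6):          # 6PM-6AM wraps past midnight
            return True
        return LUNCH[0] <= t < LUNCH[1]           # one-hour lunchtime window
    raise ValueError(f"unknown device class: {device}")


def may_install(device: str, category: str, released: datetime, now: datetime) -> bool:
    """A patch installs only if it is approved AND the device is in its window."""
    return is_approved(category, released, now) and in_window(device, now)


if __name__ == "__main__":
    released = datetime(2024, 3, 12)              # constructed release date (a Tuesday)
    samples = [("workstation", datetime(2024, 3, 26, 20, 0)),   # day 14, evening
               ("workstation", datetime(2024, 3, 27, 10, 0)),   # day 15, mid-morning
               ("workstation", datetime(2024, 3, 27, 20, 0)),   # day 15, evening
               ("server", datetime(2024, 4, 7, 3, 0))]          # first Sunday, 3AM
    for device, when in samples:
        print(device, when, may_install(device, "security", released, when))
```
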
With this setup, most people do not even realize their systems are getting updated as all the magic occurs while they are not actually using their computers. Every once in a while, there is someone who ends up working late and may need to reboot following automatic update installation, but because their systems are already mostly up to date now, these interruptions are a few minutes at most.
On top of the security benefits, they are also now getting software bugs fixed in a timely fashion and new features added automatically! Sure, sometimes these new features have a bit of a learning curve, but on the whole it has permitted most of the staff to work even more efficiently and take advantage of new ways to get the same job done easier or faster than ever before.
If your systems are not currently getting updated automatically, you really should take the time to figure out why, and if your reasons are even remotely similar to George’s original reasons, reconsider immediately! More than ever, keeping your software up to date is crucial to keeping your data secure and your staff working efficiently.