Level 2: Immediate Actions
Guide 4 of 4

Software Updates & Patch Management

Why Updates Matter

Cyber criminals often break into systems using known weaknesses (called vulnerabilities) in outdated software. When companies fix those weaknesses, they release updates called "patches." If you don’t install them, you stay exposed, even if the fix exists.

Keeping your software updated is one of the simplest, most powerful ways to protect your business.

What Needs Updating?

  • ✓ Your operating system (e.g. Windows, macOS)
  • ✓ Web browsers (e.g. Chrome, Edge, Firefox)
  • ✓ Mobile phones and tablets
  • ✓ Business apps (e.g. accounting, booking, POS)
  • ✓ Antivirus and security software
  • ✓ Any hardware with software (e.g. routers, printers)

How to Stay Updated

  • Turn on automatic updates wherever possible. This includes Windows Update, Mac Software Update, browser settings, and apps like Zoom or MYOB.
  • Set a monthly reminder to manually check devices that don’t update automatically (e.g. printers, routers).
  • Remove old software you no longer use. Unused apps may still create risk.
  • Update mobile devices regularly, they often hold business emails, messages, and apps.
  • Restart devices weekly to apply updates properly.

Real World Example: What Happens Without Updates

Case: In 2017, Equifax, a large credit reporting company, was hacked through a weakness in software they used called Apache Struts. A security update had already been released, but their team did not install it in time.

Impact: The personal information of 147 million people was stolen, including names, Social Security numbers, and driver licence details. It became one of the biggest data breaches in history and cost the company over 700 million dollars in fines and cleanup.

Fix: After the breach, Equifax created a stronger update system. They now use tools that automatically check for missing updates and send alerts when something important needs fixing. They also made sure someone is responsible for tracking and confirming patches are installed.

Source: U S House Oversight Report on Equifax Breach

Start Here: This Week

  • ☐ Turn on automatic updates for all computers and devices
  • ☐ Manually check any business critical apps
  • ☐ Schedule a 10 minute check up on the first of each month
  • ☐ Remove apps and software you no longer use
  • ☐ Restart all devices weekly to complete updates

Tip: Add this to your calendar now. A few minutes a month can save you from major headaches later.

Next Up Backup and Recovery

Learn how to keep backups safe and recover your data fast if something goes wrong.

Backup and Recovery NEXT

Get ready for data loss and ransomware

Back to Guides

See all security guides

Risk Assessment

Find your biggest security gaps