My Dear Old Mum phoned the other day to ask my advice on a computer problem. Ever since she got broadband, she said, whenever her PC started up it would nag her about installing some Windows security update or another. She'd press cancel but it would just nag her again later. Then she'd restart and it would nag her yet again. It was driving her crazy. "Hey Mum," I said. "Instead of pressing cancel, did you ever think to just let it install the updates?"
Don't laugh. It's always easier to pick on those less computer-literate than ourselves. But my Mum's predicament actually points to a problem of much greater significance. As it turns out, failure to install security updates isn't limited to individual home users. According to recent research by security vendor Sophos, an alarming number of business desktops are out of date, too.
Among the findings of the Sophos report: More than half of the 583 business systems surveyed were missing at least one Microsoft security update. More than half had disabled their local firewalls. And almost half had actually disabled their own endpoint security software, which otherwise would have monitored for potential attacks by worms, viruses, and Trojan horse software.
Obviously, these figures, if accurate, are completely unacceptable. The question is what to do about it? It seems clear that more user education is necessary, but IT admins will have an uphill battle convincing users not to disable endpoint security software if their basic security update policy is so lax that they're not installing regular updates. Worse, if users aren't aware of the need to install security updates on their work computers, how will they learn to perform the same updates on their PCs at home?
If you've got a solution, I'd love to hear it. In the meantime, I can only offer the advice I gave my Mum: The next time Microsoft recommends that you install a critical security update, just click "OK." It may mean some temporary inconvenience for now, but it will be nothing compared to what you could face if you leave your PC vulnerable to attack.
No comments:
Post a Comment