Washington University Community:
Modern computers and mobile devices are so complex that they invariably have unintended flaws. Some of these flaws create vulnerabilities by which cybercriminals can attack your computer, tablet, or phone. In fact, these vulnerabilities are one of the most common ways devices are hacked.
The good news is that it is surprisingly easy to block the vast majority of them simply by enabling and allowing automatic updates. It’s so easy and effective, I call it “automagical!”
This usually starts with enabling automatic updates to the operating system of your computer or device. Whether it is a Windows or macOS computer, an Apple or Android tablet, or a phone, there is an easy way to set this up:
- To keep Windows itself updated, click on the Start button and choose Settings.
- On the Settings menu, choose the Update & Security button.
- Then, choose Windows Update if it hasn’t already been selected.
- Go to the Advanced options page, and select Automatically download updates.
- To keep applications updated, click on the Start button, then select Microsoft Store.
- In Microsoft Store at the upper right, select the account menu (the three dots) and select Settings.
- Under App updates, set Update apps automatically to On.
- Go to the Apple menu, select System Preferences, then Software Update.
- Check the box next to Automatically keep my Mac up to date.
- Then click the Advanced button, and make sure all the boxes are checked.
Apple iOS iPhones and iPads:
- In the Settingsapp, select General, then Software Update.
- Tap Automatic Updatesand turn on both Download iOS Updates and Install iOS Updates.
- To keep the system updated, configure the auto-update by going to Settings > About Phone > System Update. Then, tap on the Menu key > Settings.
- Next, select Auto-download over Wi-Fi.
- To auto-update apps, open the Google Play app and go to Menu > Settings. In the General section, tap on Auto-update apps.
- Then select either: “Auto-update apps at any time (Data charges may apply)” or “Auto-update apps over Wi-Fi only.”
Magic is only okay for individuals
While turning on auto-updates makes a lot of sense for personal devices or devices that operate independently, it is riskier when a device needs to remain compatible with special software or hardware for specific functions at work. By and large, systems that are used by many people, say, for example, Amazon.com, work just fine no matter what versions of software you are using, so long as it is still supported by the vendor. The same cannot be said of less popular programs and systems, so companies often test updates before pushing them to company-owned devices.
There is always a small risk that an update will make something stop working, so you must make sure you are backing up your device, or at least the important files on it, as I discussed in October’s Keeping Information Security Simple – Backup, Backup, Backup.
That said, I’ve seen many people whose devices are hacked by bad guys because they hadn’t installed updates, but I can only remember two or three times (in over 30 years) in which updates caused a problem.
Don’t forget to check
Once you set up auto-update services for your devices, please check every once in a while to make sure they are working. Some vendors require you to accept a new license agreement or terms of service before installing an update, which breaks the magic.
Be extra careful with your physical device security over the holidays! My Keeping Information Security Simple letters, “ Physical Security Comes First “ (September 2021), Backup, Backup, Backup (October 2021), and “ There’s No Better Feeling Than Recovering Your Lost Device!”(November 2021), provide important tips.
Good luck and be careful out there!
-Chris Shull, CISO
- Information Security Strategies for iOS/iPadOS Devices | Office of Information Security | Washington University in St. Louis
- Information Security Strategies for macOS Devices | Office of Information Security | Washington University in St. Louis
- Information Security Strategies for Windows 10 Devices | Office of Information Security | Washington University in St. Louis