2025 Cybersecurity Guidebook Chapter 4: Keep Software and Systems Updated
Our managing partner, Dustin Bolander, sat down to discuss why you should keep your software and systems updated. The conversation has been lightly edited. You can read a summary below or watch the video here: https://www.youtube.com/watch?v=KO8xTY48Lyw
Trey: Continuing on with our chapters of the cybersecurity guidebook, this week we are hitting on keeping your software and systems updated. Dustin, do you want to talk about that?
Dustin: Sure, if this were 10 years ago, it would be a lot tougher, so that is good news! A lot of companies don’t give you an option anymore when it comes to updating your stuff. I have an Android phone right now that doesn’t work well with my car because a bad update came out. The flip side of that is the security gets a lot better on that stuff. The software and security updates that aren’t as great are the vendors we are using because they are out of our control. One great example that’s going on right now is if you’ve had the pleasure, or maybe had to suffer, through the new Outlook. Microsoft said that within the next few months, they are going to force it on everyone. Now all these other vendors are having to update their add-ins for that. The problem is that the new add-in system has been around for a couple of years now, so this shouldn’t be a surprise. It is because the vendors aren’t sitting there updating their software to the latest and greatest because it takes a lot of work. Now that Outlook is forcing them to, we may actually see some improvements with security. With things like Office 365 or Google apps, there are certain structures where they do have to go through all the vendors to make sure they are doing updates that are able to support new technologies coming out and being forced on us. A lot of it now is managing cloud applications and SaaS vendors. Looking at the security and how they handle updates, best practices, and new standards is an important part of that.
The other part that we see now a lot too is when it comes to servers. If you have your own server or even if they’re up in the cloud, they are just running on somebody else’s equipment. However, you may still be responsible for updates on those, Amazon Web Services and Microsoft’s cloud as well. You can run older, unsupported operating systems, but that’s where a lot of companies get hacked. If you’re running a Windows 2012 server and it’s exposed to the internet because people need to be able to get to it from anywhere, that is an easy in for a hacker. You need to move to newer operating systems, make sure that your firewalls are getting updates, and things along those lines.
A lot of stuff has gotten pretty dialed in. It’s not running your Windows 10 updates or updating your iPhone, but now looking at different points of attack, meaning your firewalls. Even if you don’t have servers and such, you still have to think about vendors. Questions you should be asking are: Are they doing security updates when they’re supposed to? Is my data protected?
Trey: Thanks! Clear Guidance Partners would love to be a resource for you and your firm. If you have any questions about cybersecurity, IT or back-office operations, fill out this form to have them answered: