The Technology Trick Everyone Should Be Using

You get them all the time—those annoying popups that invite you to install the latest update on your phone, tablet or computer. The notifications typically come at inopportune moments: when you’re in a meeting, preparing for a presentation or using social media. Because the popup is an interruption, the natural response is to hit “Remind Me Later” instead of installing the update upon first notification.

This article will make you second guess that decision.

Each time you receive a notification that an update is available for the software that runs on your device, you should proceed with the update promptly. The updates—and they come from manufacturers such as Apple, Microsoft, Alphabet (formerly known as Google), Adobe and many others—typically mean that a security flaw has been discovered in the specific product you are using and that a fix to the security flaw has been created. The only way to get the fix on your device is to install the update.

In industry parlance, the security flaws are known as vulnerabilities because the flaw leaves both the system and your data vulnerable to exploitation. In the United States, the clearinghouse for vulnerability reporting is the United States Computer Emergency Readiness Team (US-CERT). Typically, a vulnerability allows an individual to remotely take control of the devices you use, both at work and home, in your daily activities. Last month, Apple released security updates to many of its products, including iOS, MacOS and others. See the US-CERT website for the full list.

Think about what that means: You probably use your phone, laptop and tablet every day to conduct personal matters and confidential business activities—and those devices could no longer be under your control. If you, your family or your business are being targeted for corporate intelligence, espionage or individual identity theft data-gathering activities, the job for your adversaries just got a whole lot easier.

Did you know that it is possible to remotely turn on the camera to record both still pictures and videos of you and your family members? And you’d never know it was happening, because the attacker can disable the notification light when recording. The microphone can also be remotely turned on to stream or record a meeting or personal conversation. What about all the data stored on your phone, tablet or computer? Yes, your pictures, videos and files can be copied and deleted from your devices (and that of your spouse and kids). That’s just a sample of the malicious activity that can be conducted by an attacker who is targeting you, your business and your family. Lots of people think that this could never happen to them—until it does.

The easiest mitigation to these vulnerabilities is to:

  1. Update your device as soon as you receive a notification that an update is available. Save anything you are working on, then install the update.
  2. Use a webcam cover on your laptops. Sometimes vulnerabilities exist in systems for quite a while before they are discovered and a fix is made available. By using a webcam or camera cover, you could stop someone from capturing embarrassing images and videos that may be used for blackmail purposes later.
  3. Consider covering your laptop microphone with electrical tape if you want to keep your conversations private.
  4. Determine if a meeting or conversation you’re about to have is sensitive enough to warrant you turning off your devices and leaving them in another room.

Some companies, such as Microsoft, have noted the pattern of customers ignoring security updates and are taking steps to counteract that. Microsoft now automatically applies patches to your computer while it’s not in use during the evening after a new update is released. But you shouldn’t make the company do the work for you, if only because not every company will. Install security updates as soon as they’re available.

Scroll to Top