System Updates and Cyber Security

No doubt: you are aware of the little pop-up windows or notifications on your computer screen. They tell you software updates are available for your computer, laptop, tablet, or other mobile devices. You might be tempted to click on the “Remind me later” button or even click on the “X” and close out the notification, especially if you are in the middle of something important. You aren’t alone! However, it is in your best interest not to put off updating your software. Once you are in a place where you can save your work and let your device perform the updates, go for it. 

Even though their frequency may come across as annoying, software updates are important to your digital safety and cyber security. Perform the update and you can feel confident your device is more secure — at least until the next update becomes available. 

Why are software updates so important? Here are a few reasons to help show why it’s important to regularly update software. 

1. Software updates are multitaskers 

Software updates offer plenty of benefits. It’s all about revisions. Some of these updates may include updating security issues that have been discovered, fixing or removing computer bugs from previous updates and helping with system performance. Updates contribute to your system’s overall health by adding new features and even removing outdated ones. 

2. Updates help correct security flaws 

In our digital world, hackers have taken advantage of previous updates by exploiting security flaws, also known as software vulnerabilities. According to Wikipedia a software vulnerability is a weakness which can be exploited by a threat actor, such as an attacker, to cross privilege boundaries within a computer system. Hackers can take advantage of the weaknesses in past updates by discovering holes in the system’s security. Once a vulnerability has been discovered, a hacker can write a code or program to target the vulnerability.  

The code or program is packaged into malware — short for malicious software, this is what is known as an “exploit” which has the potential to infect a computer. Sometimes these exploits have have been known to mimic compromised messages, rogue websites or even infect media files such as audio and video files.  

What can malware do to a computer system? Malware has been known to steal data saved on a computer system or granting access to system files and even allowing an attacker to encrypt personal files.  

Software and system updates, specifically security updates typically include patches to correct security holes in a system. 

3. Software updates help protect your data 

Chances are you use your device to store personal files and you may take advantage of online shopping and banking. Your personal information, known as a Digital Identity (online shopping, banking and even from email accounts) is valuable to cyber criminals. According to Lifelock a Digital Identity “consists of various pieces of information about you—in digital form—that, when put together, point to you. Such pieces of information are often called “data attributes.” They can be something obvious, such as a username or Social Security number, or something less apparent, such as your online comments or search activities.” 

This information can be used by an attacker to commit crimes in your name, or an attacker may even sell your data on the “dark web”, enabling others to commit crimes. Some forms of malware are known as ransomware. Ransomware is an attack where malware encrypts your data files until you pay the attacker to release them – it is important to note that paying an attacker during a ransomware attack does NOT guarantee the release of your data files.  

Keeping your device up to date helps prevent such attacks from occurring. 

 4. Be a team player 

Keeping your device up to date helps protect your device from outside attacks, but did you know that it also helps defend others as well? Think of it this way, by keeping your device up to date you are helping to stop the spread of harmful software (like a virus or malware) from infecting your friends, family and even coworkers.  

Using trusted software, such as Microsoft Defender helps secure your device and helps protect those you interact with online. 

5. Stay cutting edge 

With all this talk of updates patching security holes, we can’t forget that updates also help improve your system by adding new features, improving older ones – and even removing features that are no longer needed.  

These updates help keep your system running and keep your device on the cutting edge by offering stability to programs that may have been slow to open or even crash from time to time. An update may speed up your system by optimizing performance. 

6. Ultimately, its up to you 

Remember, you always have the choice to ignore the updates – however you may end up missing out on functions that your associates may take advantage of. Not to mention that by doing so, you leave the door open for potential outside attacks.  

By: Mike Lane 

Resource URLs: 
https://us.norton.com/internetsecurity-how-to-the-importance-of-general-software-updates-and-patches.html  

http://spotlight.okstate.edu/dasnrit/category/security/

https://en.wikipedia.org/wiki/Vulnerability_(computing)

https://www.lifelock.com/learn-identity-theft-resources-whats-your-digital-identity.html

https://www.merriam-webster.com/dictionary/ransomware

https://www.microsoft.com/en-us/windows/comprehensive-security

https://support.microsoft.com/en-us/help/875349/how-to-change-your-automatic-updates-settings-by-using-windows-securit

End of Life (EOL) Are You Safe?

We all know about our software always wanting to install updates. Windows, Office, Adobe, Zoom, and just about any other software we install. At some point your software wants you to install, buy, download, or do an upgrade to a new version. This usually means the previous software versions will no longer be supported, End of Life (EOL). Now, this doesn’t mean the software will no longer work but it means it will no longer be supported.  

Why should we be concerned about a software application that will be EOL? When software becomes unsupported there are a few things that change: 

  1. No more security updates to prevent hacks 
  2. The loss of protection against potential viruses 
  3. The software may not work with our new device or computer 
  4. No more bug fixes 
  5. No more performance and reliability updates 

Earlier this year many of us had to upgrade to Windows 10 because Windows 7 was EOL on January 14th, 2020. If we did not upgrade, our machine would be open to malicious attacks because Microsoft stopped providing security updates. With the release of Windows 10 Microsoft changed the way they do version upgrades. Versions of Windows now look more like something like this: Windows 10, version 1909. These version releases are aimed to being released twice a year. Their projected months of release are March and September. The version number is coded with the first two digits are the year and the second two are the month of when it was released 1909 = Year was 2019 and Month was September. These versions also become EOL and will eventually need to be upgraded. You can find out more about Microsoft’s EOL versions here: https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet

The Windows operating system isn’t the only software that needs to be updated. Microsoft Office is also affected by EOL. You may be running an old version which is missing important patches, fixes and features. Another consideration when looking at EOL of products is Mainstream Support vs. Extended Support. Mainly the difference between the two is Mainstream Support provides feature updates, security updates, and bug fixes. The next layer of support could be Extended Support which usually means you will only get security updates. Microsoft has made an easy way to look up EOL on their products via the search bar on this page: https://support.microsoft.com/en-us/lifecycle/search If you look at this page and search for Office 2016 you will see Mainstream Support ends on 10/13/2020 but Extended Support does not end until 10/14/2025.

So, how can I find information about software I use other than from Microsoft? The best way is to visit the software site and find your version. This may tell you when your EOL date is for that version. Another way is to type in a web search for the product you have and using “EOL” or “End of Life” as part of the search. Just make sure the links you click for the product link to the manufacture’s page. For example, I searched for Adobe EOL and it suggested I visit this page: https://helpx.adobe.com/support/programs/eol-matrix.html Here I found a full list of Adobe products with their Versions, Release Dates, and End of Support dates.

Computing hardware (computers) can also have EOL dates. We update drivers on our computers, phones and tablets as well. Hardware can also have vulnerabilities that lead to security risks, bugs and compatibility issues. With hardware the thing to worry about the most is compatibility. You may have an old computer that you can’t update to a new version of Windows, or it may upgrade to Windows 10, but you cannot get Adobe to work because your video card isn’t supported. Hardware should not be overlooked when thinking about upgrades.

So now what? Well, maybe it’s time to do some inventory. This means both software and hardware. Take note of what software versions and hardware you have and look them up online. Find those EOL dates and see if you need to upgrade or replace something. You don’t have to do this often since a lot of companies will usually give you EOL dates far in advanced so you can prepare. Try and do this about once a year and you should have plenty of time to get everything up to date.

-Mike Rasmussen

Reference Articles and EOL Links:
https://apps.okstate.edu/itannounce/index.php/module/FullStory/action/FullStory?id=16348&From=Home
https://www.spiceworks.com/it-articles/end-of-life-software-dangers/
https://en.wikipedia.org/wiki/End-of-life_(product)
https://helpx.adobe.com/support/programs/eol-matrix.html
https://support.microsoft.com/en-us/lifecycle/search/1163
https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
https://docs.microsoft.com/en-us/lifecycle/faq/general-lifecycle

Syncing Shared OneDrive Folders to Your Computer

Syncing the Folder Shared to You

You will have received an email from the person that shared a folder from their OneDrive. Click the Open button from the email and sign-in to OneDrive. Alternatively, you can access OneDrive through cowboymail.okstate.edu as well.

Once in OneDrive, click the Shared option in the left navigation menu. Find the folder you wish to sync and click the name of the folder to open it.

You should now have new options along the top ribbon. To sync this folder to your computer, click the Sync option on the top ribbon, which will then prompt you to open OneDrive. Depending on the web browser you are using this may look different, but the key is to allow the browser to open OneDrive for you. You may be prompted to sign-in to OneDrive. Be sure to use your OKEY email address and password to access your Company or School account.

Accessing the Synced Shared Folder

Unless you have disabled certain notifications in Windows 10, you should receive a notification from OneDrive that you are now syncing the shared folder. You can click that notification to bring you to where the folder is stored on the computer.

Otherwise, you can click the Manila Folder Icon on your Taskbar to open your File Explorer. From there, you can access all synced shared OneDrive folders by clicking the new button in the left navigation menu.

Creating a Shortcut to a Synced Shared Folder

Once you have synced a shared OneDrive folder to your computer, placing a shortcut on your Desktop to that folder is relatively easy. Make sure you have the folder open in your File Explorer, then Right-Click the folder, highlight Send To, and choose the option for Desktop (Create Shortcut). Voila! Now you can access that shared OneDrive folder using the newly created shortcut on your Desktop!

If you have any other questions or concerns, please feel free to contact your designated Technology Support Specialist.

Cybersecurity 2020: Safeguard Your Data

Why should you care?

How would you feel if you walked into your office tomorrow and your computer was gone? Does your physical and emotional state worsen if you realize all your data that you accumulated over the years was suddenly ripped out of your hands? Even worse, what if the data now in the possession of the thief contained your account information from banks and credit cards, and the personal information could allow them to steal your identity? If you are like me those thoughts put a knot in your stomach and make you realize how important it is to keep your data safe.

How can you prevent this from happening?

I bet you want me to tell you the one thing you can do to make your computer and your data safe! Unfortunately, there is no one thing you can do to completely protect yourself and your data. Thefts happen, computer hard drives fail, flash drives get lost or put through the washing machine, and even secure websites occasionally get breached exposing secure data. That doesn’t mean you should give up and not do anything. Instead, you should take steps, however small or insignificant they may seem, to protect your data. These small steps when put together will provide you with better data security than one fix-all solution (if it actually existed.)

Steps to help safeguard your data.

1. Use passwords on your devices. This is a very simple step that can create a huge stumbling block to anyone who would like to access your data. If you do not have a password on your computer, laptop, or phone anyone can simply walk up to it and have instant access to anything on your device. Passwords don’t have to be huge monstrosities that you have to write down to remember. Think of a word or phrase that is important to you and that would not be easy for others to guess. Even using a simple password is better than not using a password at all. Read more about passwords in this blog post.

2. Make sure you have your data backed up on to more than one device. Having all of your data on one device whether that is a flash drive, computer, or hard drive is never a good idea. All electronic devices have a limited lifespan and can have issues or even completely fail. If you have all your data saved only to one device, you are just asking for trouble. One of the best solutions is to backup your data online. This protects you from most vulnerabilities that would leave you with no data– yes even tornadoes and fires! OneDrive is a good tool for backing up documents and this blog post provide more information.

3. Protect your devices like your identity depends on it — because it does! When on trips, dining out, or even at work, never leave your devices unattended or in plain sight in your car. Technology is one of the most targeted thefts in the world today. If you have purchased a new phone, laptop, or tablet lately you probably noticed the prices are higher than the last time your purchased the same technology. This makes them an easy target especially if you leave your laptop or phone on your table in the coffee shop as you quickly run for a refill or to the restroom. Don’t assume your devices are safe. Read more about cybersecurity and your personal devices at this blog post.

4. Use Multi-Factor Authentication (MFA) on important accounts. OSU is in the process of implementing MFA for all employees. MFA is a security measure that decreases the likelihood someone other than you can log in and steal your data. Yes, this extra step to use your device or online account can make it a little more difficult. It also makes it almost impossible for anyone other than you to get access to your data and access your personal accounts – which is the entire point of MFA!

5. Finally, be suspicious of items that do not look or feel quite right. If someone emails or calls you claiming to be from OSU Information Technology and needs you to verify your account, it is fake. OSU IT already knows your information because it is configured on the servers. If you receive a phone call or email with misspellings, bad grammar or odd phrases, it most likely is not who they claim to be. When this happens, safeguard your information by not giving it out or clicking links in your email. (More information about phishing in a previous blog post.)

Cybersecurity 2020: Phishing

The Federal Trade Commission explains that phishing “is a type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source.” The message attempts to get you to share valuable personal and sensitive information such as login names and passwords, bank account information or a social security number.   

Tips to spot a phishing message: 

  • Move your cursor over all links in the message (do not click on a link) and notice the resulting text. For example, hover over this link: http://support.dasnr.okstate.edu Does the link address match the text? (In this example, notice the link does NOT point to the DASNR IT website referenced by the link text!) If not, be suspicious and consider deleting the message. 
  • Read the email critically. Note the sender’s reply-to address and make sure it matches the name. Watch for misspellings and unusual phrases. Be wary of deals and offers that seem too good to be true or are asking you to act with an urgency which might cloud your judgement.  
  • If things look legitimate but you are still uneasy, contact the sender either by telephone or with a new email message (not replying to the message). 

If in doubt feel free to contact me (dwayne.hunter@okstate.edu), an OSU Extension Technology Specialist or your DASNR departmental IT Specialist. #BeCyberSmart 

References: