UNIVERSITY PARK, Pa. – When individuals update their machines to the latest software, they might forget to reboot their system – a key mistake to maintaining your system’s security according to the Office of Information Security (OIS) at Penn State.
Software updates or “patches” are provided by software vendors to offer fixes for security flaws. The timely downloading and installing of software updates are two critical steps to keep computers secure and make machines less vulnerable to cyber-attacks. However, there is a third step: rebooting the machine, as many software updates will not take effect until the computer is shut off and restarted.
“Patches are designed to fix security flaws that attackers can use to take data or even take over your machine,” said Richard Sparrow, Penn State’s interim chief information security officer. “If you aren’t rebooting the machine after installing updates, you aren’t actually implementing the new security parameters. This creates a security issue that we’d like to avoid, as proper patching helps protect the University as a whole.”
Importantly, Sparrow shared that a misconception is that attackers only seek critical University assets or resources. Sparrow emphasized that attackers often look for targets of opportunity and unpatched software makes it simpler for cyber criminals to exploit vulnerable systems.
Not only does rebooting a computer after updates keep software functioning properly, but one unprotected machine can allow attackers to gain entry into a system, which can lead to devasting impacts across many systems in an organization.
As a preemptive practice, OIS advises employees to help IT units keep their computers secure by allowing updates and rebooting. Employees can install their updates or coordinate with their IT administrator once updates become available.
While updates have become simplified due to scheduling capabilities, such scheduling may cause someone to forget to reboot their device. Individuals also may lack time to reboot during a workday. In such situations, OIS advises individuals to proactively reboot their machine every few days to allow updates to take effect.
For more information on security, please visit the OIS website.