We are all aware that manufacturers want us to buy their latest devices and server offerings, sometimes making older equipment either redundant or obsolete in the process. With each update of operating system software comes the two-fold problems of compatibility and security risks. It is widely recommended that core software and applications are kept updated with the very latest releases in order to avoid or rectify security vulnerabilities, although for less critical systems, waiting for a while before installing new functional releases and operating system versions is often the best strategy. Sadly, the evidence from extensive research programmes show that most systems, web servers and personal devices are not kept up-to-date with security patches, with substantial associated risks and costs.
A quick glance through the links above is enough to worry the most experienced of IT professionals. It is clear from recent catastrophic security failures that applying patches and updates as soon as possible is vital. But it comes with the added risk that the update may fail, or be applied after a serious security breach has occurred, or may appear to succeed but have unintended side effects such as applications failing to run or requiring separate updates or even updating or replacing of hardware.
There are no easy answers for all situations, but here are some strategies that can mitigate against the worst problems:
have a clear, documented plan for all of the most predictable and possible eventualities, and expect the unexpected!
ensure all critical systems and devices that connect to the internet have complete and up-to-date offsite backups and that you regularly test the process of recovering data from these backups
review update reports and apply critical security updates at the earliest opportunity
ensure that suitable systems security software is installed, operating correctly and is continuously updated, and recognize that such software is almost always "behind the curve" as far as the latest attacks are concerned
duplicate systems wherever possible and appropriate, with updates being applied to just one system or device first
where multiple versions of operating systems exist and cannot provide backward compatibility, retain multiple devices for applications that require ongoing usage without disruption and/or for testing purposes
if a serious breach has occurred or is suspected, specialized software products, services, and formal procedures can be used to identify, control and ultimately help to resolve the problem. Example software tools include SentinelOne (https://www.sentinelone.com/) and Cybereason (https://www.cybereason.com/). Software of this kind is primarily a defence mechanism providing tools to manage potential threats as they occur. By themselves they do not do clean-up post intrusion
be aware that undetected security threats may have extended to backups, so restoring these may re-introduce a previously undetected issue
provide the highest level of protection to personal and financial information, accepting that not every risk can be mitigated against, as many organizations, large and small, have found to their cost
if in doubt, or if you have a lack of suitable expertise in-house, identify a reputable external security specialist to provide a regular independent review of your devices, systems and procedures
In our next Security Newsletter we will be focusing on Email security
2. OFFLINE - DEVICE-BASED SERVICES
Javelin secure PDF reader for MacOS update:
A new version of our Javelin3 for MacOS secure PDF reader has just been released (v3.05.04). It now supports the following features:
catalog naming now uses full text name rather than filename in title
prompt when new versions available
enable page selection via the page number box for very large documents (1000+ pages)
auto-update main catalog list when first accessing the catalog facility
Javelin secure PDF reader for Windows update:
A minor update to the Javelin3 for Windows reader has also been just released. The update supports the use of non-standard local file specifications when listed on the Home page, Recent Files list
iOS and Android versions of the Javelin readers were both updated last month and most users will have received the updates automatically via the AppStores