I recent survey by several leading software manufactures found that only 40% of users accepted alerts requesting them to download an install an upgrade, update, or security patch, even when the updates are free of charge. The reasons given most often were:
- The end users didn’t know if the alert was valid or not, were concerned the alert was fraudulent, and that they risked downloading malware or some else as bad.
- There was no perceived or explained benefit to the end user, so they figured there was no point in downloading the update.
- They were expecting the upgrade to take a long time and be an inconvenience or a hassle.
- There were no reasons given for the updates, so they did not understand if the updates were important or not.
We tell our clients to be suspicious about downloading anything unexpected, so it is not too surprising to see this figure. I do field a lot of calls and emails from clients asking me if Java or Adobe updates are ok to run, and once in a while I get questions about Windows Updates. The way to know, when you are asked, is at your fingertips. Simply using Google to search for the update in question will tell you if it is safe or not, and this is our recommended solution any time you get a pop-up windows, software message window, or error message that you don’t understand – just look in Google and see what you find.
ShareAUG
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com