Читать книгу Start-Up Secure - Chris Castaldo - Страница 18

Another primary tenant in cybersecurity is updating and patching; these are critical procedures to achieve balance with confidentiality, integrity, and availability (CIA). That annoying time once a month when you have to close your browser with 50 open tabs or worse, close all your applications, and reboot your computer. The process differs between Windows, MacOS, Android, and iOS but the goal is the same – a vulnerability is discovered, the vendor creates and releases a patch, and then you must apply the patch.

In the early stages of start-ups, it is a very minimal risk to enable auto-updating in your most-used applications and operating system. This doesn't apply to production environments that are used by paying customers, but we'll get to that in Chapter 9. If you are a typical start-up you will most likely use a laptop and mobile phone. We'll focus on laptops first.

Both Windows and MacOS have the ability to download and install security updates with little interaction required from the user. At most, you will be prompted to reboot your computer, which might take only a few minutes of lost productivity out of your day. However, the security gains from applying those patches immediately will help protect you from devastating ransomware, like WannaCry in 2017, most of the time. Nothing in security is 100%, which is why there are so many layers to a successful cybersecurity program. If you are not sure if this setting is enabled you should check in your system settings in either Windows or MacOS.

Besides monthly updates, there are completely new versions of Windows and Mac released about every 18 months on average. It is not imperative to cybersecurity to immediately spend $200 on the latest version of Windows or Mac if the current version you do use will continue to receive updates. To find out how long you will receive those updates you can search for things like “Windows 10 end of life” or “Mac OS end of life.” The results should provide you with the final date on which Microsoft or Apple will discontinue creating security patches. For example, if you are using Windows XP you should immediately buy the latest version of Windows or a new computer, as it is no longer supported by Microsoft and no longer receiving security updates. At the time of writing, the average cost of a ransomware attack on a single system is about $300 to unencrypt your data. Once compromised you can no longer trust the security of that system or the data on that system. In Chapter 7 we'll talk more about what to do if your start-up suffers a data breach.

The next layer of security you must be aware of is the applications you might use on a daily basis: Chrome, Firefox, Safari, Office, Slack, etc. All the components you use to create and run your start-up, these too can be vulnerable. I mentioned earlier that stolen credentials are one of the leading causes of data breaches. And those credentials are typically stolen in one of two ways: social engineering or software vulnerability exploitation.