At my husband’s office, the IT department has a set-up where any patches and updates are done automatically through the network. It is set up that way for two reasons: One is to control what people on the network are downloading (vital in that work environment) and two is to make sure these important patches and upgrades are installed. As an IT guy told me at a social gathering, if it isn’t done that way, they can’t guarantee the updates would ever get installed. And they can’t risk a breach.
The IT guy was right to not trust the staff to install updates on their own if his co-workers are like the people who responded to a recent survey conducted on behalf of Skype, Symantec and TomTom as part of International Technology Upgrade Week. The survey found that 40 percent of adults do not update their computer when initially prompted. And then, most of them take up to five prompts before they actually do anything.
Those of us who write about security or work in the security industry aren’t immune to this behavior, either. After sitting through a conference seminar where the importance of updates was extolled, a group of us sheepishly admitted that we weren’t always prompt about following our alerts, either, especially when we were on the road (when we need them the most, of course) and running our machines on battery power. So, even those of us who should know better aren’t perfect about updates, making it pretty easy to understand that those who don’t think much about security don’t see the point.
And, according to the survey, about 50 percent of users are in that category — 25 percent said they see no benefit in having to update and 26 percent said they don’t understand what the updates actually accomplish. This makes sense to me. I’ve had conversations with people who are not computer-savvy, who say they don’t update because they are afraid the update will load a virus onto their system. Even when I say that the point of the update is often to close vulnerabilities and prevent a virus from getting in, they still balk at the prompt.
Adobe and Symantec both argued that their updates were easier to deal with than in the past. The former has made aggressive moves in the area, in large part because of the target its Adobe Reader and Adobe Flash Player have become to hackers.
Easier to deal with? Maybe. But they don’t explain what they are fixing, and that’s what 50 percent of users have trouble with. They want to know why they need to do this update. Security publications usually do a good job of explaining the reasons behind the updates, but I’m going to guess that the 50 percent aren’t reading security publications, either. That’s why it is has to be up to the IT department to somehow get the word out to employees on why the update is happening (I think this would be an ideal job for an intern, personally).
Or do what my husband’s office does and take the choice of whether to hit “install now” or “install later” away altogether.