23% of employees have previously had a dispute with IT staff about the importance or frequency of updating their work devices. Surprisingly, IT teams tend to agree with such demands and let two-thirds (64%) of staff skip installing updates on certain software or OS at all. This was revealed in a study commissioned by Kaspersky to explore workers’ attitudes and habits toward updates.
Updates not only bring new functionality and fix bugs, but also address security vulnerabilities. And once a security update is released, malefactors know about these issues. That is why patch management is essential for corporate security. However, some staff members are reluctant to update their work devices, meaning that there are vulnerable computers, laptops, and smartphones in the corporate network.
Worryingly, these disagreements bring about the desired results for employees. Respondents who argued with IT about updates were asked two questions – whether they were allowed to skip updates (64% said they were) or whether they were allowed to choose what to update (the same 64% chose this option).
Employees may request these options because they are afraid that the time spent updating may affect their productivity. More than half of respondents are actually distracted from work because of updates: 43% take a break from what they were doing and 8% just wait patiently at their desk. Difficulties don’t end at the installation stage, as 36% of employees agree that learning new versions of software is a waste of time that could be spent doing their job.
Overall, 44% of respondents stated that they are less concerned about updating their work devices than personal ones, suggesting that keeping work devices up to date is an insignificant consideration.
“We recommend employees regularly update their devices – it will not only keep them protected, but each update takes just a few minutes. This short downtime can be used to recharge the body and mind without any harm to business processes. For example, employees can use a short, simple set of exercises from the cheat sheet created by Kaspersky. It can be sent to colleagues, so they can print it out and take a look once updates are underway,” comments Elena Molchanova, Head of Business Development, Kaspersky Security Awareness Trainings.
To help IT staff to encourage employees to regularly install updates, Kaspersky recommends:
- Preparing instructions or video lessons on how to use the updated software. Provide contacts for people who employees can reach out to in case of any issues
- Informing staff about the importance of timely updates and what can go wrong with their data and the company’s assets if cybercriminals exploit unpatched security issues
- Warning employees that if they put off updates for a long time, their devices can install them automatically and restart their devices when they are busy with urgent tasks
- Implementing a security awareness course that covers this topic, such as Kaspersky Automated Security Awareness Platform
- Downloading and sharing the Kaspersky cheat sheet with exercises that help with ‘tech neck’
- For critical IT or operational technology systems, it is important to always be protected regardless of delayed updates. This means systems should only perform a predetermined activity. KasperskyOS supports this concept of Cyber Immunity and it can be used to build IT systems that are secure by design.
The full report is available by the link.