
Why CPAs should pay attention to 'Patch Tuesday' from Microsoft

By Daniel Moshe

January 5, 2022

Microsoft unveils an extensive list of vulnerabilities affecting its products on the second Tuesday of each month. With it, the software giant releases a round of patches to fix flaws, including ones being actively exploited by cybercriminals. It calls this recurring day of maintenance “Patch Tuesday.”
 
Many of these patches affect software used by CPAs and the finance industry, which underscores the importance of keeping on top of software update installations. For example, December’s Patch Tuesday included 67 security fixes, including for active exploitations of Microsoft Office, the Chromium-based Edge web browser, Windows Installer and Remote Desktop Client. Users who download the most recent software updates can ensure that their programs are protected from these vulnerabilities.
 
It’s common practice for software providers to release updates, as malicious hackers are constantly trying to find weak spots to break through. However, many businesses and consumers ignore software updates, likely not realizing the importance of maintaining good technological hygiene. Microsoft often highlights this point in its annual Security Intelligence Report, where it points to examples of customer breaches caused by vulnerabilities for which patches had been available for years but were never installed by the user.
 
Being aware of these vulnerabilities and actively patching them is critical to keeping your defenses fortified. According to a survey from the Ponemon Institute, 60% of breaches in 2019 involved known vulnerabilities where the patch was not applied, and 62% of those companies were unaware that their organizations were vulnerable prior to the attack. CPAs can access Microsoft's Patch Tuesday reports each second Tuesday of the month at this link.
 
Cybercrime has been on the rise and is showing no signs of slowing down. According to the FBI’s Internet Crime Complaint Center, cyberattacks have increased a whopping 300% since the start of the pandemic, to more than 3,000–4,000 daily complaints, up from 1,000. Hackers are expected to inflict damages of $6 trillion globally in 2021, with that figure growing by 15% per year over the next five years to reach $10.5 trillion by 2025.
 
Since Microsoft products, including Excel, are often targeted, it’s extremely important to keep automatic updates turned on and to have IT professionals pay close attention to vulnerabilities and patches. A breach could compromise important customer and company data, take business operations offline for an extended period of time, and cost companies a significant amount of money.
 
Updated software is your best defense against malicious actors. This is critical in an industry such as ours that handles highly sensitive client data. It’s not a bad practice to wait a week after Patch Tuesday to see whether the security patches cause any unexpected issues that break other aspects of the software. But don’t wait too long; the longer you sit on a patch, the more exposed you become to cybercriminals.
 
Daniel Moshe, founder and CEO of Tech Guru: Enlightened IT for CPA Firms, combines his passion for business and technology with finance and accounting to help modernize accounting firms and strengthen the entrepreneurial ecosystem. His reputation as "the caring entrepreneur" stems from his initiatives to donate IT services to not-for-profit organizations and his over-and-above care for his team members. Daniel is also a certified EOS® (Entrepreneurial Operating System) implementer at Strong in Six, where he works with leadership teams to implement a set of simple, practical tools to help them get what they want from their businesses. In addition, he regularly speaks at conferences, teaches webinars, and hosts podcasts in the fields of technology and business leadership.