How To Keep Up With Software Vulnerabilities

By Sybil Andrea
Apr 27, 2020
With so much of our work revolving around digital tools, apps, and smart devices, businesses risk losing revenue and clients because of an unpatched security hole. Even an hour of downtime could lead to huge losses, not to mention the damage a serious hack can do to a company’s reputation. That’s why businesses must pay attention to the latest vulnerabilities and how they might affect them. Luckily, you can choose between multiple ways to keep tabs on the latest cybersecurity issues.

Why you should always keep in touch with the latest events

Everybody makes mistakes. The same goes for the people who create the software we use every day. Even if everything works perfectly, there’s always a chance that new techniques will allow hackers to exploit security holes that weren’t there before. And that might lead to stolen data, malware, ransomware, and financial loss.

People who develop the apps and services that we use do their best to fix any vulnerabilities that pop up here and there. But they might be too slow to keep up with everything that’s going on. That leaves a chance that someone will exploit a vulnerability after it is found, but before a patch is released.

However, if you take time to catch up with everything that’s going on in the cybersec world, you can keep most vulnerabilities from being used against you. If you learn about an exploit as soon as researchers discover it, you’ll be able to take appropriate measures in time to avoid any real damage, or at least be on the lookout for any unusual activity. An ounce of prevention is worth a pound of cure: it’s much easier to prevent an attack than to deal with its aftermath.

How to stay up to date

1. Get involved in the cybersecurity community

Follow cybersecurity news online. Find news outlets you can trust and go through them while drinking your morning coffee. Wired, CNBC, the New York Times, etc. — it’s your pick. Reading daily cybersecurity reports will help you keep up to date with the latest events.

Cybersecurity companies also often have blogs that are worth paying attention to — like our NordVPN Teams blog right here. These blogs share the latest news and provide helpful tips on how users and businesses should act if their data ended up in a breach or a popular service got hacked.

Another group you should follow is cybersecurity experts and researchers. These are the people who spend their days looking for vulnerabilities in online services, software, and devices. They report their findings on their personal websites, which other news outlets often use as original sources.

If you need any suggestions, Krebs on Security is one of the most popular cybersecurity blogs out there. Even though Brian Krebs is a journalist, he’s one of the most prominent voices in the industry. He investigates online crime, writes about the latest threats and breaches, points out major security holes in popular services, and describes how those vulnerabilities can be fixed.

2. Use social media

LinkedIn, Twitter, Facebook — whatever you prefer. Social media is a great way to stay up to date if you don’t have much time. Most news outlets, popular white-hat hackers, and security researchers will have dedicated accounts for sharing their insights. Look for people and businesses that report and comment on issues that you are interested in, even if they are not very popular. This will not only make your commute more interesting, but it will also help you know what’s going on in the cybersec world.

3. Follow vulnerability alerts and databases

A public vulnerability database will feature all the latest news concerning cybersecurity issues. White-hat hackers, researchers, and analysts all make regular contributions to them. These databases aren’t easy for beginners to use and understand, but if you’re reasonably tech-literate, they are very useful.

The US government’s National Vulnerability Database, for example, lists and analyzes Common Vulnerabilities and Exposures (CVEs), while also tagging them according to their type, severity, and applicability.

VULDB, a community-driven vulnerability database, is also worth checking out. It constantly adds new vulnerabilities, monitors and updates old ones, and allows subscribers to look up particular products, developers, and types.

However, if you only want the short technical summary without minutiae delivered straight to you, consider subscribing to vulnerability alerts. These are third-party services that collect new vulnerabilities and present them to you. You only need to enter what software and devices you’re interested in, and the service will then send you all the updates you need to stay in touch. Some send newsletters every week, or you can subscribe to an alert service that notifies you whenever there’s a new vulnerability worth paying attention to.

If you don’t know where to start, try the Cybersecurity and Infrastructure Security Agency’s (CISA) alerts. They describe the issue and its severity level, give detailed technical explanations of how the vulnerability might affect users, and offer a way to mitigate the risks. You can receive technical alerts about current vulnerabilities by email or RSS feed.
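If you consume alerts over RSS, the "enter what software you're interested in" step can also be done on your side. The following Python example is an addition to this article, not code from CISA, NVD or any alert service: it filters an RSS 2.0 feed against a product watchlist and skips items already reported. The feed contents, product names, URLs and function names are constructed for illustration, and every item is assumed to carry a `pubDate`.

```python
import re
import xml.etree.ElementTree as ET
from email.utils import parsedate_to_datetime

# Constructed RSS 2.0 feed for illustration; products, IDs and URLs are made up.
SAMPLE_FEED = """<rss version="2.0"><channel><title>Example alerts</title>
<item><title>ExampleVPN Gateway authentication bypass</title>
<link>https://alerts.example/0001</link><pubDate>Mon, 20 Apr 2020 14:00:00 +0000</pubDate></item>
<item><title>PhotoWidget for AcmeMail ServerLite stored XSS</title>
<link>https://alerts.example/0002</link><pubDate>Tue, 21 Apr 2020 09:30:00 +0000</pubDate></item>
<item><title>AcmeMail Server remote code execution</title>
<link>https://alerts.example/0003</link><pubDate>Wed, 22 Apr 2020 16:45:00 +0000</pubDate></item>
<item><title>Relay fix released</title>
<description>Patch for acmemail server relay issue.</description>
<link>https://alerts.example/0004</link><pubDate>Thu, 23 Apr 2020 08:00:00 +0000</pubDate></item>
</channel></rss>"""

WATCHLIST = ["ExampleVPN Gateway", "AcmeMail Server"]  # your own inventory


def parse_items(feed_xml):
    """Return one dict per <item>. For feeds fetched from the network,
    use a hardened XML parser (e.g. defusedxml) instead of ElementTree."""
    items = []
    for item in ET.fromstring(feed_xml).iter("item"):
        items.append({
            "title": (item.findtext("title") or "").strip(),
            "text": (item.findtext("description") or "").strip(),
            "link": (item.findtext("link") or "").strip(),
            "published": parsedate_to_datetime(item.findtext("pubDate")),
        })
    return items


def new_alerts(items, watchlist, seen_links=frozenset()):
    """Keep unseen items naming a watched product, newest first."""
    # Whole-name, case-insensitive match: "AcmeMail ServerLite" is a
    # different product and must not trigger on "AcmeMail Server".
    rules = {p: re.compile(r"(?<!\w)" + re.escape(p) + r"(?!\w)", re.I)
             for p in watchlist}
    hits = []
    for it in items:
        if it["link"] in seen_links:
            continue  # already reported on an earlier run
        found = [p for p, rx in rules.items()
                 if rx.search(it["title"] + " " + it["text"])]
        if found:
            hits.append({**it, "products": found})
    return sorted(hits, key=lambda h: h["published"], reverse=True)
```

Persist the links returned by each run and pass them back as `seen_links`, so a scheduled job only reports alerts you have not yet handled.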

Additional measures

You might want developers to take full responsibility for their creations and immediately patch up any vulnerabilities that pop up. But users also have an important part to play in securing their accounts, devices, and businesses. Here are some measures you should take to improve your security efforts even further:

  1. Install updates as soon as they are available. Update your devices, software, and apps, and encourage your employees to do the same. Updates are there for a reason, so never postpone any of them, since they often include fixes for the latest vulnerabilities.

  2. Looking to upgrade or get new tools? Do thorough research before choosing. Is the company trustworthy? Is the developer quick to react to any concerns their users raise? Check whether the manufacturer had any security scandals in the past and how they dealt with them. You need to be sure you can trust the company, and researching potential providers will always guarantee a higher rate of success.

  3. Invest in a good antivirus. Having to buy and set up expensive software on every computer in the office might seem like a huge investment, but it will eventually pay off. It will keep viruses and malware away from your system and devices by putting them in quarantine instantly. An antivirus will also notify you about their origin so that you can prevent similar attacks in the future. It’s a great way to stay safe if there’s a known vulnerability in any of the software or devices you use, and the patch is still not ready yet.

  4. A VPN is another security tool you should definitely have. For one, it will allow your employees to access company networks and resources remotely. But it will also encrypt all your internet traffic, and, together with a new IP, make your business difficult for cybercriminals to target.

  5. And finally, encourage everyone in the workplace to break their bad online habits. Get your coworkers to use a password manager, so they don’t end up reusing the same password for every account. Set up 2FA wherever possible for an additional layer of protection. And regularly remind everyone to stay alert to phishing attacks in all their forms.
