Page Comparison

Purpose

Updates and patches can provide your software with new functionality, but the most important purpose they serve is to fix security vulnerability that could place your system and work at risk.

Audience

On this page

Initial considerations

Evaluate possible institutional options.

• Consult with your local IT group about whether an institutionally managed system would meet your needs. These systems are managed by technical experts at the University, divisional, or departmental level, allowing you to focus more on the task at hand, rather than maintaining the security of unmanaged systems.

  • https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8Fus#Information-Information-Technology-(IT)

Maintain an asset inventory.

• Maintain and consult your device inventory to confirm which systems you'd want to “harden”.

  • Asset management; data and devices

Follow general security best practices.

• The majority of security events and incidents occur when general best practices are insufficiently followed or ignored. By applying a holistic approach to securing your systems, often referred to as “defence-in-depth”, you help reduce the risk of data loss or breach.

  • Best practices to secure systems and environments

\uD83D\uDCD8 What can I do?

Visit the Center for Internet Security (CIS)'s Benchmarks website for security recommendations.

https://downloads.cisecurity.org/

This includes recommendations for:

Be aware of ongoing vulnerabilities that might impact your systems.

• Security alerts and advisories inform you of possible vulnerabilities to your system and can provide you with recommended mitigations, including recent security patches. 

  • Cyber security alerts and advisories

What can I do?

Use supported version of operating systems and configure automatic updates.

Windows

• Automatic updates are enabled by default within current versions of Windows and cannot be disabled.

MacOS

• https://support.apple.com/en-ca/guide/mac-help/mchlpx1065/mac

Linux

• Distribution dependent. Contract your local IT group about how to setup automatic updates.

  • https://uoft-infosec-cf.atlassian.nethandbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/AdditionalContact+help#%F0%9F%96%A5%EF%B8%8F-Informationus#Information-Technology-(IT)

Android

• https://support.google.com/googleplay/answer/113412?hl=en

iOS

• https://support.apple.com/en-ca/HT204204

Regularly patch and update your software and applications.

• Configure automatic updates where available.

Avoid removing software restrictions imposed by the manufacturer on your device or use untrusted software.

• Do not jailbreak or root your device to exploit privileged access, as it provides an easier means for malicious software to exploit your device.

• Do not install or use pirated software on devices with access to institutional data.

• Do not sideload software onto mobile devices which bypass the Apple or Google Play Store, as they not subject to scans which flag potential harm.