Most of us can differentiate between hardware and software. But how many know what firmware refers to? More importantly, is your business securing its firmware against security vulnerabilities?
Your business knows it needs to keep its operating systems (OSs) up to date. Installing patches as they are released helps protect your OS and software applications from attack.
Yet firmware can be easily overlooked when setting up cyber protection. You’re opening up Explorer every day, and your business relies on its Excel spreadsheets, but you don’t think about the basic software that runs the hardware as intended – that’s the firmware.
Without firmware, your computer wouldn’t know how to detect its hard drive, and the gears on the business printer wouldn’t spin to pull the paper through the device. There’s firmware in network and sound cards, routers, range extenders, keyboards, and more. Firmware also makes your webcam or surveillance camera work correctly.
The Need to Update Firmware
Cybercriminals aren’t known for their lazy reliance on just one tactic. Instead, they are constantly finding new ways to exploit business devices and systems, and this includes attacking firmware. Without securing your firmware, you run the risk of bad actors:
- spying on business activity;
- stealing business data;
- taking control of your business computers.
You may think you’re safe because you have antivirus scans in place, but hackers can get around those by embedding their malware in your firmware. In the past, they could guess firmware manufacturers weren’t prioritizing security. That’s changing now that firmware exploits have gained attention.
Manufacturers release firmware updates for at least a few years after initial release. The goal is to ensure the stability of that device your business depends upon.
Find firmware updates online at the manufacturer’s website. You might also look on the device support page. Make it a policy to consistently seek out firmware release updates. That way, the business is up to date with new patches to fix holes or fresh vulnerabilities.
Taking Care of Business Firmware
Too many people aren’t thinking about the firmware threat; it’s a set-it-and-forget-it problem. Once people set up their devices, they don’t think about the possibility of a future compromise.
For example, in last year’s Avast Threat Landscape Report, 60 percent of users had never updated router firmware. Yet router hijackers can inject malicious HTML and gain access to usernames and passwords.
Businesses are growing more reliant on technology, particularly connected technology. (Thank you, Wi-Fi and Internet of Things.) This is also expanding the attack surface available to cyber bad guys. Don’t become complacent. Apply patches when issued to all business connections and technology.
Now you know what firmware is and why it matters, that doesn’t mean you’re any closer to being able to actually update it all. Partner with one of our technicians. We can do an audit of all your firmware and find any holes that need plugging. Give us a call today at 604-200-2234!