Your IT Department

Keep Your Firmware Safe and Secure

Most of us know the difference between hardware and software. But do you understand what firmware refers to? And even more importantly, what are you and your business doing to protect your firmware against security vulnerabilities?

Any business should know that it needs its operating system, such as Windows 10, is up to date. You can protect both your operating system and your software from cyber-attack by installing patches as they are released.

Updating software may be part of your regular routine, but firmware also needs updating.

But even those that are diligent when it comes to software patches often overlook firmware. This can leave a gap in their cyber protection. You open Outlook every day, and you rely on your Excel spreadsheets, so you keep those patched and up to date. But you probably don’t even think about the basic software that makes your hardware run – this is the firmware.

Without this basic software, your computer wouldn’t recognise its hard drive, so you wouldn’t be able to access your software at all. All of your hardware contains firmware. Your printers, network and sound cards, routers, switches even your keyboard and mouse!

The Need to Update Firmware

Cybercriminals don’t just rely on a single tactic. They are always probing, looking for new ways to infiltrate your system. And this includes exploiting firmware that hasn’t been updated. If you fail to update you risk cyber criminals:

  • spying on your business;
  • stealing your business data;
  • taking control of your computers.

You might think that your safe. You have antivirus in place and set to scan regularly. However, hackers can circumnavigate AV and embed malware in your firmware.

It’s only recently that firmware exploits have gained attention. In the recent past, criminals could be fairly certain that firmware manufacturers were not prioritising security. Now, updates are released by manufacturers for a least a few years after initial release. The aim is to ensure that the devices that your business depends on are stable.

The bad news is that, unlike software patches, you might not get notified that your firmware needs an update. You’ll need to find the updates on the manufacturer’s website. You will need to regularly check for these updates. In fact, you should put in place a policy. That way your firmware will be up to date and holes and fresh vulnerabilities plugged.

Taking Care of Business Firmware

Too many people fail to consider the firmware threat. People initially set up their devices and then forget them. They don’t think about the possibility that a compromise could happen in the future.

Last years Avast Threat Landscape Report identified that 60% of users had never updated the firmware on their router. But router hijackers can gain access to usernames and passwords by injecting malicious HTML.

Businesses are ever more reliant on technology, especially connected technology. This technology may improve many areas of the business. But it also gives bad guys more places to attack. Don’t become complacent.

The myriad of available technology may make life easier, but outdated firmware can leave that technology vulnerable to cyber attack.

You should be installing patches when they become available for all of your software. And now you understand what firmware is, you could look to update it yourself. However, these updates can be risky. They are not as straight forward as a software patch and getting the wrong update or making a mistake with the patch will stop your hardware working.

We recommend getting expert help to update firmware. Seek out a qualified technician, or better still partner with a Managed Service Provider (MSP) who will look after software, hardware AND firmware updates.

How We Can Help

As part of our initial assessment, we’ll check your firmware and ensure it’s all up to date. We’ll also ensure you have a policy in place to keep everything up to date. We won’t stop there either. We’ll give your IT systems a full health check. Just give us a call today on 0115 8220200 or complete our contact form and we’ll get straight back to you.

Special Bonus

If you’d like some further information on keeping your data safe download our free eBook ‘The Business Owners’ Guide To Protecting Client Data’