Skip to main content

« Back to Employee News

Cybersecurity tips June 2022

June 30, 2022

Security patches and support agreements

Cybersecurity as illustrated by a digital shield with a lock icon

In 2011, technologist and venture capitalist Marc Andreessen wrote that “software is eating the world” and would transform the way businesses and entire industries operate.

Software's impact can be seen here at Facilities Management in analog building systems that are being replaced by computerized components. These new building systems run embedded software which enables more powerful features and improved monitoring. At home, we are seeing internet-enabled home appliances connect to world-wide networks.

But there are trade-offs. Embedded software requires additional training on how to use it. Embedded software can often make systems more expensive. Finally, embedded software—especially on networked devices—can become vulnerable to cybersecurity threats and needs to be periodically updated. Failure to patch our systems not only is against University policy (IRM-004), but can lead to system downtime, corruption of data, destruction of hardware and collateral damage across the network.

Each system owner is responsible for maintaining the security of their systems. It can be a hassle to constantly be searching for news of system vulnerabilities, purchasing software updates and installing them. It never ends.

That's why we highly recommend budgeting for and obtaining support agreements from the vendors of these building systems that include:

  • Being proactively notified of security vulnerabilities.
  • Access to system software patches and updates.
  • Vendor responsibility for installation of patches and updates.

So, the next time you're in the market for a system with a networking or a software component, ask about the kind of support agreements the vendor offers, how long they last for, and how much they cost.

Purchasing a support agreement from a vendor who understands the need for software support and makes it easy to get it will prevent a lot of headaches and extra work down the road. If you're thinking of purchasing a “smart” device for the home, make sure the device is from a reputable company that will support its products for as long as you intend to keep it.

About the author

Albert Lee
Cybersecurity Program Manager
Systems Administrator
Technology & Innovation
(434) 982-5471
albert.lee@virginia.edu