Time is running out for Windows support
By George Hefter
On Jan. 14, 2020, three widely-used Windows Operating Systems reach the end of their useful lives and will no longer receive updates and security patches from Microsoft: Windows 7, Server 2008 and Small Business Server 2011 (which is based on Server 2008). This so-called “end-of-support” doesn’t mean that systems using this software will stop working after that date, but it does mean that Microsoft will no longer attempt to solve problems or patch security vulnerabilities. While it might be tempting to keep using these systems after the cutoff date, that decision could be both dangerous and very costly.
What’s the risk?
Without updates and security patches, your systems will become more vulnerable to ransomware, viruses and hackers who may have malicious intent. And they will have plenty of time to figure out how to find their way into these systems because Microsoft will no longer be guarding the door and fixing new vulnerabilities as they are discovered.
Home users risk losing personal data like photos, important home or business documents, and graduation or marriage videos. Depending on computer usage habits, home computers might even give hackers a direct pathway into bank or investment accounts.
Business users’ risks are far greater. Beyond the loss of all the data on your server or workstations, and the inconvenience—not to mention the cost—of system downtime and loss of productivity, business owners also risk higher insurance rates and, like some financial service companies, an overall lowering of reliability or investment grade rating. That last consequence affected Equifax after its cybersecurity breach resulted in a lowering of its Moody’s Outlook rating on top of the almost $700 million fine of the breach itself.
And maybe you’ve heard about some of the breaches affecting local governments, such as in Atlanta or Baltimore, where a second ransomware attack in a year demonstrated how even municipal governments struggle to keep computer networks safe. This is especially true after the National Security Agency revealed it had lost control of one of its very effective hacker tools called EternalBlue, which has since been implicated in hundreds of cybersecurity attacks in the USA and around the world.
Before jumping to the conclusion that only large businesses are targets, please keep in mind that these attacks are broad-based and typically not focused on a specific target. When a broad, “try every door” attack finds a vulnerability in an interesting system, then the hacker will drill down and try to see the size of the target and what the potential for ransom might be. But for every large system that is infected, there may be hundreds of smaller systems found that carry the potential that something on that system might be worth a few hundred to a few thousand dollars, and so those systems get targeted too. And when those are business systems, the risk is even greater.
If your business system is affected, it’s not only your data that may be affected, but your customers’ information is at risk too. If you have customer data of any type on your computers or servers, you may find yourself shelling out thousands of dollars in identity theft protection for those customers, not to mention fines or loss of business because of your cybersecurity lapses.
Attacks on Windows 7 and even Windows XP have escalated in recent months via a variant of last year’s WannaCry virus. Are you sure you want to risk using an outdated, no longer supported operating system?
George Hefter is president of TCT Computer Solutions in Kennewick.