By George Hefter
On Jan. 14, 2020, three widely-used Windows Operating Systems reach the end of their useful lives and will no longer receive updates and security patches from Microsoft: Windows 7, Server 2008 and Small Business Server 2011 (which is based on Server 2008). This so-called “end-of-support” doesn’t mean that systems using this software will stop working after that date, but it does mean that Microsoft will no longer attempt to solve problems or patch security vulnerabilities. While it might be tempting to keep using these systems after the cutoff date, that decision could be both dangerous and very costly.
What’s the risk?
Without updates and
security patches, your systems will become more vulnerable to ransomware,
viruses and hackers who may have malicious intent. And they will have plenty of
time to figure out how to find their way into these systems because Microsoft
will no longer be guarding the door and fixing new vulnerabilities as they are
discovered.
Home users risk
losing personal data like photos, important home or business documents, and
graduation or marriage videos. Depending on computer usage habits, home
computers might even give hackers a direct pathway into bank or investment
accounts.
Business users’ risks
are far greater. Beyond the loss of all the data on your server or
workstations, and the inconvenience—not to mention the cost—of system downtime
and loss of productivity, business owners also risk higher insurance rates and,
like some financial service companies, an overall lowering of reliability or
investment grade rating. That last consequence affected Equifax after its
cybersecurity breach resulted in a lowering of its Moody’s Outlook rating on
top of the almost $700 million fine of the breach itself.
And maybe you’ve
heard about some of the breaches affecting local governments, such as in
Atlanta or Baltimore, where a second ransomware attack in a year demonstrated
how even municipal governments struggle to keep computer networks safe. This is
especially true after the National Security Agency revealed it had lost control of one of its
very effective hacker tools called EternalBlue, which has since been implicated
in hundreds of cybersecurity attacks in the USA and around the world.
Before jumping to the
conclusion that only large businesses are targets, please keep in mind that
these attacks are broad-based and typically not focused on a specific target.
When a broad, “try every door” attack finds a vulnerability in an interesting
system, then the hacker will drill down and try to see the size of the target
and what the potential for ransom might be. But for every large system that is
infected, there may be hundreds of smaller systems found that carry the potential
that something on that system might be worth a few hundred to a few thousand
dollars, and so those systems get targeted too. And when those are business
systems, the risk is even greater.
If your business
system is affected, it’s not only your data that may be affected, but your
customers’ information is at risk too. If you have customer data of any type on
your computers or servers, you may find yourself shelling out thousands of
dollars in identity theft protection for those customers, not to mention fines
or loss of business because of your cybersecurity lapses.
Attacks on Windows 7
and even Windows XP have escalated in recent months via a variant of last
year’s WannaCry virus. Are you sure you want to risk using an outdated, no
longer supported operating system?
George Hefter is president of TCT Computer Solutions in Kennewick.