Windows 7 is dead:
Is your business open 24/7 to hackers?
Is your business is a prime target for hackers?
As you may know, Windows 7 is scheduled for its official end-of-life on January 14, 2020. What you might not know is that ALL support, i.e. feature updates and non-security or critical patches, ended in January 2015. Despite this, Windows 7 is still very heavily used by businesses and as of March 2019 still accounted for 37% of all Windows PC’s in use. Imagine if this were the case for your business’s physical security system! It would be the equivalent of having no locks on your doors, or no glass in your windows. What’s truly crazy is that statistically not having locks on the doors is actually safer than not securing business data.
With the end of its mainstream support, Windows 7 has been in what Microsoft calls “extended support” phase. This means it only received patches for security and critical flaws; like the recent announcement concerning another high-risk vulnerability: Microsoft warns “Wormable” Windows bug could lead to another WannaCry. With the extended support phase set to end as of January 2020, Windows 7 will officially become completely unsupported. Any businesses still using Windows 7 after January will become prime targets for hackers worldwide.
How will this affect your business?
While Windows 7 end-of-life doesn’t mean that Windows 7 will stop functioning, it does mean that it can very quickly become vulnerable to malware and attacks that can put your business data at risk. During Windows 7’s extended support phase, Microsoft has continually released patches to address new security flaws. In April 2019 alone, Microsoft patched 29 vulnerabilities in Windows 7, six of which were rated critical and the remaining 23 rated important. This shows both the sheer number of exploits that continue to crop up for Windows 7 and the effort that Microsoft continues to put into addressing those flaws.
According to the Ponemon Institute’s 2018 report on the State of Cybersecurity in Small and Medium businesses (SMBs), 67% of respondents had experienced some sort of cyber-attack and 58% had a data breach involving customer or employee information. Considering the number of Windows 7 systems that remain in use in businesses, it’s safe to assume that these numbers will drastically increase in 2020.
Even updated systems are still at risk.
Another aspect of the Windows 7 End-of-Life that rarely gets the attention it deserves is that it also includes Windows Server 2008. Every desktop version of Windows is accompanied with a Windows Server version, and for Windows 7, Windows Server 2008 is it. This operating system is still heavily used for backend processes at many SMBs and it will become just as vulnerable as Windows 7 when the extended support phase ends in 2020. For many businesses this vulnerability is an even greater risk than laptops or desktop stations. This is because many of these systems are exposed to the world as web and application servers and can be a direct conduit to business-critical and client data.
What can you do?
While the thought of having such a huge potential risk to your business may seem daunting, there are several options available…
• Paid Extended Support – Microsoft will continue to offer extended security update support on a per-system basis. This is an additional fee that you pay to Microsoft, per computer, for it to continue to receive security updates. Depending on the number of systems in your organization, this could be an expensive choice, but it does allow you a short window (pun intended) of time to implement a migration plan.
• Azure hosting – Microsoft’s Azure cloud platform is becoming a huge part of Microsoft’s business and they’re offering free extended support to any Windows server 2008 machines that are migrated to Azure.
• Hardware upgrades – Most new desktops and laptops sold within the last few years have already included Windows 10. So, chances are that any systems you have that are still using Windows 7 are at least a few years old. On the server side, they are likely much older than that. Upgrading the hardware can be an easy way to both mitigate potential security flaws with a new operating system and improve performance and productivity across the business.