News
The End of Life for Windows 7
On 14th January 2020, Microsoft will officially ‘end the life’ of support for Windows 7 and Windows Server 2008 (including 2008 R2); a change that will pose a significant challenge for many businesses throughout the UK.
Not only does 2020 mark the beginning of a new decade, but it also commemorates the end of an era for Windows 7 and Server 2008. Not so long ago, these trusted operating systems were one of Microsoft’s most popular, so much so, that many businesses still use them on a daily basis.
But what exactly does end of life mean for small and medium-sized enterprises (SMEs)? Well, if you continue to use these operating systems after support has ended, your systems will still work, but will become considerably more vulnerable to security risks and viruses. As SMEs represent 99% of all businesses in the UK, there’s potential for a significant number of companies to be effected.
Assessing the Risks
In a nutshell, this rather significant operating system end of life means no more bug-fixes, security patches or new functionality. In addition, Microsoft customer service will no longer be available to provide technical support and related services will also be discontinued over time.
This considerable change, therefore, may cause concern for existing users as the risk of running systems beyond 14th January means that computers and data can become vulnerable to exploitation, hackers and bugs, to name but a few.
Vulnerabilities can be very dangerous as attackers can more easily comprise unpatched systems. Once compromised, the attacker can gain control of the system to steal information and potentially launch further attacks on other IT systems within an organisation’s network.
When an operating system becomes end of life, the vendor will no longer release security updates or patches to remediate any discovered vulnerabilities. This leaves systems at serious risk of being compromised.
Is Your Company at Risk?
It’s vital to assess the risks to business before deciding what action needs to be taken – and, in this case, both the likelihood and impact need to be determined. To achieve this it’s essential to consider the following:
- Does the system contain business-critical and/or confidential data?
- Does the system contain any sensitive data such as personally identifiable information?
- Does the system support a business-critical process?
- Will running an end of life operating system be in non-compliance of:
- GDPR
- PCI
- Supply chain agreements
- Insurance policies
- What would the cost be to the business if the system was compromised?
- Would the reputation of the business be damaged if the system was compromised?
- Is the system exposed to the internet, if so, can this be limited or removed completely?
- Has the user(s) of the system received adequate security awareness training?
- Do we have the capabilities, including the skills and knowledge to manage the risk?
Once the likelihood and impact have been determined, it’s then about calculating the risk. If the risk is low, it should then be recorded in a risk register and treated to reduce the likelihood of it occurring.
Managing the Risks
At CYAN, we believe that the best option and one that should always be considered before anything else is to terminate all risks by upgrading operating systems to a supported operating system before the end of life date. Which in this case, is 14th January.
However, in some cases, it may be necessary to run a system with an operating system beyond its end of life date. This could be due to several reasons, from budget constraints to a dependency on a legacy application that requires a specific version of an operating system version in order to work. If this is the case, the risk should be assessed and treated to reduce the likelihood of the system being compromised.
But it’s important to note that this should only be a short-term measure while measures are put in place to upgrade to an updated operating system. We know that business survival during a huge change such as this requires having a strong IT security strategy in place.
Effectively Treating Risks
At CYAN, we balance our intricate knowledge of IT with a personal approach to understanding the businesses and people that use it every day. And so, to reduce the likelihood of the risk occurring when Windows 7 or Server 2008 reach end of life, multiple techniques and controls can be applied to treat the risk. There are a number of ways in which this can be done:
Reducing the Attack Surface
Removing all unnecessary applications from the system and only allowing signed and trusted applications to run can effectively reduce the risk. Additionally, isolating the system to a tightly controlled security zone and limiting exposure to the internet can also help to decrease the attack surface.
Applying Patches
First of all, it’s important to know what patches are in the IT realm. A patch is a set of changes to a computer program or its supporting data designed to update, fix, or improve it. So, by applying the final update and security patch from Microsoft, as well as continually keeping all required applications up to date, can significantly treat risks.
Implementing Strong Technical Controls
Use a comprehensive endpoint security solution to protect against malware and unauthorised access and harden the system by disabling unrequired services and system features. Not sure where to start? Speak to us for expert help and advice.
Control Access
You can also prevent access by removing unused accounts and restricting access on a need to know basis. Using strong passwords and multi-factor authentication can also be highly effectively when it comes to watertight access control.
Backup and Event Logging
Regularly performing backups as well as enabling event logging to a safe, secure and restricted location is vital to contain, eradicate and recover from a security breach.
Security User Awareness Training
Within a business, it’s vital to practice safe clicking and carry out regular security awareness training and measure its effectiveness with all members of the team. This is of the utmost importance when it comes to the end of life of operating systems such as Windows 7.
The Next Steps…
While end of life operating systems will continue to work after their end date and additional techniques and controls can be applied to reduce the likelihood of the system being compromised, it’s best practice to terminate the risk by upgrading the system to a supported operating system before the end of life date.
This means the end of regular security updates which puts any system running Microsoft Windows 7 or Server 2008 beyond 14th January 2020 at serious risk. Businesses that use these systems and that have failed to update to newer systems are at risk of severe and very dangerous security breaches.
Skill and Knowledge for The Steps Ahead
It’s worth noting that to manage the risks involved in such a drastic change will require skilled resources and additional time and effort, which isn’t always something that can be carried out within a small or medium sized business. And much like any massive business change, the cost of managing the risk should be weighed up against terminating the risk by upgrading the system to the next available operating system. You might just find that it’s more cost-effective, and ultimately, will be far safer for the business to simply upgrade the operating system.
At CYAN, we have seen security threats from outdated operating systems, unpatched vulnerabilities, and various other security breaches. The longer your company waits to update systems, the bigger the risk becomes of a potentially costly and nasty attack. Please don’t wait any longer, get in touch to find out more about how we can help you with a safe and speedy upgrade.
Wherever your organisation goes after Windows 7, upgrading should be done in a measured and controlled way, and certainly not rushed at the last moment without careful consideration of the impact to business.
Categories
- Case Study
- Charities
- Cloud Computing
- 10 Ways to be More Productive with Microsoft 365
- Cloud Based Services for Business
- Top Cloud Computing Trends
- Myth-busting Cloud Technology
- Technology to Minimise the Disruption Of School Holidays
- Cyan delivers a tailored cloud based solution
- Managing Security With Remote Workers
- What Are The Benefits Of GDPR?
- The biggest risk for data breaches is your employees
- Is your business prepared for bad weather?
- How technology innovation can improve efficiencies for charities
- How internet of things is shaping the workplace of the future
- Does a lack of cloud computing standards compromise its use?
- Common places where SMEs slip-up when using the cloud
- Things to consider before choosing a cloud platform
- Just how secure is the cloud? (Spoiler: Very.)
- Reasons to consider remote working
- Cloud computing terms – what do they even mean?
- Essential time-saving apps for SMEs
- Cyber Security
- Industry News Roundup December 2020
- Shocking Cyber Security Stats 2020
- How Staff Accidentally Help Hackers Steal Sensitive Data
- A quick guide to keep personal devices secure
- Three super simple things you can do now to protect your business
- Have You Considered These Risks to Your Business?
- Cyan Approved to Join NCSC Cyber Information Security Partnership (CiSP)
- What Is Cyber Insurance and Does My Business Need It?
- What Is Ransomware and How Should I Protect My Business?
- The End of Life for Windows 7
- What is Cyber Essentials and Why is it Great For Your Business?
- The Cyber Security Basics You Should be Covering Now
- How to Create a Cyber Security Policy for Your Business
- 3 Reasons Businesses Are Still Getting Their Cyber Security Wrong
- Cyber Security Risks You Need to Focus on in 2020
- IT Security Strategy: What You Need to Know
- Essential Recommendations for Business IT Security
- Cyber Security Services
- Remote and Fully Managed IT Support Tailored To Your Needs
- IT Security Strategy: What You Need to Know
- Essential Recommendations for Business IT Security
- How Often Should You Audit Your Business Cybersecurity?
- Managing Cybersecurity Solutions for SMEs
- Cybercrime Is On The Increase
- Monitoring The Dark Web To Stop Security Breaches Fast
- How to protect your business against phishing scams
- Disaster Recovery
- GDPR
- Myth-busting Cloud Technology
- Using The Cloud For Your Disaster Recovery Strategy
- How to Make Sure Your Staff Don’t Breach Your Data Security
- What Are The Benefits Of GDPR?
- Monitoring The Dark Web To Stop Security Breaches Fast
- The biggest risk for data breaches is your employees
- The Dos And Don’ts Around Consent For GDPR Compliance
- Plan. Create. Maintain for GDPR compliance
- Checklist For GDPR Compliance – Are You Ready?
- The Financial Impact and Gains Of GDPR
- What You Need To Know About GDPR: 6 Key Principles
- How GDPR affects charities
- The Data Protection Law Is Changing: What Does Your Business Need To Do?
- IT Budget
- IT Help Desk
- IT Infrastructure
- The End of Life for Windows 7
- What is a Typical IT Budget for a Small or Midsize Business?
- Digital Transformation Of Social Housing – Top Five Trends
- How and Why You Should Use Scalable Technology Infrastructure
- Driving Business Growth Through IT Infrastructure
- How Cyan Solutions Helped Toto Energy drive rapid Growth
- IT Security
- Industry News Roundup August 2020
- Keep devices protected while remote-working
- Have You Considered These Risks to Your Business?
- Cyan Approved to Join NCSC Cyber Information Security Partnership (CiSP)
- What Is Cyber Insurance and Does My Business Need It?
- What Is Ransomware and How Should I Protect My Business?
- The End of Life for Windows 7
- What is Cyber Essentials and Why is it Great For Your Business?
- The Cyber Security Basics You Should be Covering Now
- How to Create a Cyber Security Policy for Your Business
- 3 Reasons Businesses Are Still Getting Their Cyber Security Wrong
- Cyber Security Risks You Need to Focus on in 2020
- IT Security Strategy: What You Need to Know
- Essential Recommendations for Business IT Security
- Cyber Security Services
- IT Security Strategy: What You Need to Know
- Essential Recommendations for Business IT Security
- How Often Should You Audit Your Business Cybersecurity?
- Managing Cybersecurity Solutions for SMEs
- Top 5 Ways To Avoid Phishing Emails
- Key Technology Trends Impacting the Energy Sector
- Top Benefits of Outsourcing Your IT Requirements
- Using The Cloud For Your Disaster Recovery Strategy
- Managing Security With Remote Workers
- Our Guide To IT Budgeting
- How to Make Sure Your Staff Don’t Breach Your Data Security
- Driving Business Growth Through IT Infrastructure
- Plan. Create. Maintain for GDPR compliance
- Flaw in Intel Chips Puts Millions of Computers At Risk
- Does a lack of cloud computing standards compromise its use?
- 10 basic (but essential) business tech security tips
- Just how secure is the cloud? (Spoiler: Very.)
- Cloud computing terms – what do they even mean?
- Essential time-saving apps for SMEs
- IT Services
- 10 Questions to Ask About Your IT Service Provider in 2020
- Virtual CIO Services
- Cloud Based Services for Business
- What is a Typical IT Budget for a Small or Midsize Business?
- Does Outsourcing Mean IT Cost Reduction
- Tips for Finding the Best IT Consulting Solutions
- Top Benefits of Outsourcing Your IT Requirements
- Cyan delivers a tailored cloud based solution
- What support should you expect from your IT provider
- IT Strategy
- Why Your Business Needs an IT Strategy
- Why you should be making plans to implement remote working long-term
- Continuity Checklist
- Have You Considered These Risks to Your Business?
- The End of Life for Windows 7
- What to Include in Your IT Strategy in 2020
- What Does Digital Transformation Mean for Your Business in 2020?
- Essential Recommendations for Business IT Security
- Remote and Fully Managed IT Support Tailored To Your Needs
- Essential Recommendations for Business IT Security
- What is a Typical IT Budget for a Small or Midsize Business?
- Does Outsourcing Mean IT Cost Reduction
- Is Your IT Spending Under Control?
- IT Budget Planning Mistakes You Should Avoid
- What is Your IT Strategy?
- Tips for Finding the Best IT Consulting Solutions
- Embrace New Technology with an IT Transformation Strategy
- Do Your Employees Understand Your IT Business Strategy?
- Digital Transformation Of Social Housing – Top Five Trends
- Top 5 Ways To Avoid Phishing Emails
- Key Technology Trends Impacting the Energy Sector
- Cybercrime Is On The Increase
- Essential Data Back-Up & Disaster Recovery Tips
- Using The Cloud For Your Disaster Recovery Strategy
- Harnessing Technology to Enhance Housing Associations Performance
- Why Your Phone System is an Essential Part of Your Technology Strategy
- Driving Business Growth Through IT Infrastructure
- The Dos And Don’ts Around Consent For GDPR Compliance
- The Importance Of Having A Good Technology Strategy
- Things to consider before choosing a cloud platform
- IT Support
- 10 Questions to Ask About Your IT Service Provider in 2020
- Remote and Fully Managed IT Support Tailored To Your Needs
- What is a Typical IT Budget for a Small or Midsize Business?
- Does Outsourcing Mean IT Cost Reduction
- Tips for Finding the Best IT Consulting Solutions
- Key Technology Trends Impacting the Energy Sector
- Top Benefits of Outsourcing Your IT Requirements
- What support should you expect from your IT provider
- How your customers benefit from using a smart meter
- Microsoft Office 365
- A Day in the Life of a Managing Director
- Industry News Roundup December 2020
- 10 Ways to be More Productive with Microsoft 365
- Digital Transformation Of Social Housing – Top Five Trends
- Key Technology Trends Impacting the Energy Sector
- Top Benefits of Outsourcing Your IT Requirements
- Managing Volunteer Teams Through Good Technology
- Microsoft Office 365: Discounts and Subscriptions for Charities
- How technology innovation can improve efficiencies for charities
- News
- Industry News Roundup December 2020
- Industry News Roundup August 2020
- Industry News for July 2020: Remote Working
- Have You Considered These Risks to Your Business?
- Cyan Approved to Join NCSC Cyber Information Security Partnership (CiSP)
- What Is Cyber Insurance and Does My Business Need It?
- What Is Ransomware and How Should I Protect My Business?
- The End of Life for Windows 7
- What is Cyber Essentials and Why is it Great For Your Business?
- The Cyber Security Basics You Should be Covering Now
- How to Create a Cyber Security Policy for Your Business
- 3 Reasons Businesses Are Still Getting Their Cyber Security Wrong
- Cyber Security Risks You Need to Focus on in 2020
- What to Include in Your IT Strategy in 2020
- 10 Questions to Ask About Your IT Service Provider in 2020
- What Does Digital Transformation Mean for Your Business in 2020?
- IT Security Strategy: What You Need to Know
- Essential Recommendations for Business IT Security
- IT Security Strategy: What You Need to Know
- Essential Recommendations for Business IT Security
- How Often Should You Audit Your Business Cybersecurity?
- Managing Cybersecurity Solutions for SMEs
- What is a Typical IT Budget for a Small or Midsize Business?
- Does Outsourcing Mean IT Cost Reduction
- Is Your IT Spending Under Control?
- IT Budget Planning Mistakes You Should Avoid
- What is Your IT Strategy?
- Tips for Finding the Best IT Consulting Solutions
- Embrace New Technology with an IT Transformation Strategy
- Do Your Employees Understand Your IT Business Strategy?
- Digital Transformation Of Social Housing – Top Five Trends
- Top 5 Ways To Avoid Phishing Emails
- Key Technology Trends Impacting the Energy Sector
- Top Cloud Computing Trends
- Myth-busting Cloud Technology
- Top Benefits of Outsourcing Your IT Requirements
- How and Why You Should Use Scalable Technology Infrastructure
- Cybercrime Is On The Increase
- Essential Data Back-Up & Disaster Recovery Tips
- Technology to Minimise the Disruption Of School Holidays
- Cyan delivers a tailored cloud based solution
- Using The Cloud For Your Disaster Recovery Strategy
- Managing Security With Remote Workers
- Our Guide To IT Budgeting
- What support should you expect from your IT provider
- How Blockchain Gives Transparency to Charity Spending
- How to Make Sure Your Staff Don’t Breach Your Data Security
- Harnessing Technology to Enhance Housing Associations Performance
- Why Your Phone System is an Essential Part of Your Technology Strategy
- What Are The Benefits Of GDPR?
- Monitoring The Dark Web To Stop Security Breaches Fast
- Driving Business Growth Through IT Infrastructure
- The biggest risk for data breaches is your employees
- Why Use A Virtual CIO?
- Is your business prepared for bad weather?
- The Dos And Don’ts Around Consent For GDPR Compliance
- The Importance Of Having A Good Technology Strategy
- Plan. Create. Maintain for GDPR compliance
- Checklist For GDPR Compliance – Are You Ready?
- The Financial Impact and Gains Of GDPR
- Managing Volunteer Teams Through Good Technology
- What You Need To Know About GDPR: 6 Key Principles
- How GDPR affects charities
- How your customers benefit from using a smart meter
- The Data Protection Law Is Changing: What Does Your Business Need To Do?
- Microsoft Office 365: Discounts and Subscriptions for Charities
- How to protect your business against phishing scams
- Flaw in Intel Chips Puts Millions of Computers At Risk
- What even is a blockchain?
- 7 must-have apps and software that aid remote working
- How Cyan Solutions Helped Toto Energy drive rapid Growth
- How technology innovation can improve efficiencies for charities
- How internet of things is shaping the workplace of the future
- Does a lack of cloud computing standards compromise its use?
- Some of the most innovative applications of VR by businesses we’ve seen so far
- Common places where SMEs slip-up when using the cloud
- Tips to be more mobile friendly
- Cyan delivers sustainable solutions and increases confidence in IT at Sands
- Will AI ever completely replace human customer service?
- 10 basic (but essential) business tech security tips
- Things to consider before choosing a cloud platform
- How artificial intelligence will affect future business
- Just how secure is the cloud? (Spoiler: Very.)
- Reasons to consider remote working
- Cloud computing terms – what do they even mean?
- Essential time-saving apps for SMEs
- Telecommunications
- Virtual CIO
- Virtual CIO Services
- Is Your IT Spending Under Control?
- IT Budget Planning Mistakes You Should Avoid
- What is Your IT Strategy?
- Tips for Finding the Best IT Consulting Solutions
- Embrace New Technology with an IT Transformation Strategy
- Do Your Employees Understand Your IT Business Strategy?
- Driving Business Growth Through IT Infrastructure
- Why Use A Virtual CIO?