Windows 7 EOL Switch Now, Before Security Hazards Get You

NEXUSTEK WHITE PAPER

NexusTek Headquarters | 5889 Greenwood Plaza Blvd, Suite 201 | Greenwood Village, CO 80111 | 877.470.0401 | www.nexustek.com | [email protected] EOL White Paper

I. Windows 7 – Switch Now, Before Security Hazards Get You

You may think you have time. Official support for Windows 7 ends on January 14, 2020, which means that you have about six months before your deployment becomes obsolete. If you only have a dozen or even a few hundred computers running Windows 7 in your organization, you might think that you have plenty of time. Beware, that mentality can put your business at serious risk.

New Vulnerability Threatens Windows 7 Implementations

In May 2019, announced – and subsequently patched – a critical software security vulnerability in older Windows systems. The vulnerability, now known as BlueKeep, takes the form of a remote code execution bug that allows attackers to execute malicious software at the heart of Windows operating systems – including Windows 7, Windows XP, and . Here’s the most worrying thing about BlueKeep – it’s wormable. In other words, if one computer in a network is infected with it, then that uses BlueKeep can scan the network to identify other vulnerable computers and then use the infected computer to launch an attack. Any malware that uses BlueKeep can spread from one computer to another and can even achieve global reach – similar to the WannaCry and NotPetya viruses that wreaked widespread havoc in 2017.

These worries aren’t theoretical. Security researchers have already created a worm that can exploit the BlueKeep vulnerability. – especially nation-state attackers who have something to gain from causing worldwide chaos – can’t possibly be far behind. In short, we know that the earthquake has struck, and we’re now waiting for the tsunami.

Can You Patch Your Way Out of BlueKeep?

Responsible IT administrators have probably done their due diligence about BlueKeep and applied a patch (if you haven’t, go do it now!). There are plenty of reasons why simply patching may not be enough, however.

First, you may have found that patching your Windows 7 implementation means scheduling downtime for a mission-critical application. If now isn’t a good time for downtime – and there’s really no such thing as a good time for downtime – you may not have applied the patch.

Second, your inventory may include dozens or hundreds (maybe even thousands) of desktops. Do you have time to patch all of them? More importantly, are you confident in your inventory and asset-tracking abilities? Some estimates put Windows 7 as comprising 39% of all desktop operating systems, which means that there’s a lot to keep track of. Even if only a single Windows 7 desktop escapes your notice, you leave a portal for malware in your organization.

Even though a patch for BlueKeep is already available, the conventional wisdom around patching is this: 25% of companies patch on the first day, 25% patch within the first week, 25% patch within the first month, and 25% never patch at all. At this point, a patch has been out for nearly a month – which means that 50% of Windows 7 PCs are likely still unpatched. Even if you’re conscientious about patching, there is a good chance that there are still unpatched Windows 7 PCs in your environment.

Upgrade Now Before It Gets Worse

Even if you’ve successfully gone through the effort of patching your Windows 7 systems, there’s no guarantee that there won’t be another critical vulnerability next week – and another one the week after that. At that point, you’ll have spent a great deal of effort and energy patching systems that are skating on the edge of obsolescence.

Once Windows 7 support ends in January of 2020, you won’t even have the opportunity to patch. Microsoft will stop releasing fixes for the most common security problems. Only issues the size of BlueKeep or larger will get any attention from Microsoft. As far as other vulnerabilities are concerned, your best bet will be to hope that your firewall keeps holding on.

Upgrading your Windows operating system to the current version, , is the easiest and most logical progression to help protect your business. Not only do you instantly gain immunity to BlueKeep, you eliminate your vulnerability to all the other zero-days that will continue to affect Windows 7 in the days and years to come. Patching is imperfect, so a full operating system upgrade is the best way for you to guarantee continued safety for your data.


II. Windows 7 Will Go Out of Compliance as it Goes EOL

Much has been written about the fact that Windows 7 will make your computer more vulnerable to malware. When the system goes end-of-life in January 2020, Microsoft will stop issuing security updates for all but the most severe issues, leaving its legacy systems undefended. Viruses and malware are far from the only thing that you’ll have to worry about once Windows 7 goes EOL. Corporations dealing with healthcare information, credit card numbers, financial information, or data from EU citizens may be subject to strict compliance requirements. For example, storing your data on an end-of-life system may violate these requirements in any number of ways:

Storing Data on an EOL System is a Great Way to Lose It

What happens when you store data on a computer whose operating system has gone end-of-life? The first answer is “nothing good.” As time goes on, the computer will become more susceptible to bugs and errors, which increases the risk of catastrophic data loss. The longer you store your data on an end-of-life system, the more likely it is that you’ll lose it.

You probably think that this problem is what backup and disaster recovery programs are for – and you’re right! Except, of course, that your backup and disaster recovery programs are most likely built to work with supported operating systems. Are you willing to take the chance that your modern backup and recovery tool won’t work with an EOL system?

This risk goes double for non-accidental disasters – e.g. viruses and malware. Having an EOL system means that it will be that much easier for attackers to break through your defenses and steal your data. It also means that an attacker will find it much easier to locate and delete your backups.

What Does Losing Data Have to Do with Compliance?

Three words: data retention requirements. The Bank Secrecy Act was designed to prevent banks from enabling tax evasion, money laundering, and other forms of corruption. It requires banks, casinos, and other financial institutions to preserve their customer records for at least five years. Banks and ATM vendors, coincidentally, are among those experiencing a general delay in their Windows 10 implementations. If they lose customer data to obsolescence or malware, their employees could face criminal penalties or even spend time in prison.

Under HIPAA, covered entities are required to preserve relevant documentation for six years or more, while medical records are covered by state records retention laws – usually for around five years. Notably, the healthcare industry also has significant problems when it comes to upgrading their Windows 7 computers. By the January 2020 deadline, at least 70% of devices and computers in the healthcare industry will be running on out-of-date operating systems.

You’ll find that this is a common theme. Across the industries that are governed by compliance rules with data retention requirements, the companies that comprise those industries are having difficulty upgrading from Windows 7 to Windows 10. If this was a novel, we’d call it “Foreshadowing.”


Data Retention Isn’t Your Only Problem

Even if your compliance regime doesn’t have specific guidelines about how long you should be storing data, you’re still going to encounter difficulties. For example, PCI-DSS has some broad guidelines when it comes to data storage. Under PCI, your mandate is to protect stored cardholder data. Is cardholder data fully protected if it’s stored on a computer with a deprecated operating system? Technology best practices would suggest “no”. You also won’t be surprised to know that the fines for PCI violations are steep – some in the order of $100,000 a month until your security problems are addressed.

HIPAA and the GDPR also offer large fines for violators while providing a flexible definition of protection. You might store your data with perfect encryption, hide it behind a firewall, and protect it with strong antivirus… but if it’s stored on a Windows 7 PC, regulators will still be able to argue that you haven’t done your due diligence.

It’s Time to Upgrade Your Operating Systems

Most organizations try to make a point of storing customer and mission-critical data on systems other than desktops. Servers and cloud storage are more secure than desktops – which are constantly connected to the internet and subject to user error. You may think it doesn’t matter that your users are using obsolete desktops, because you make a point to centralize all the critical data.

Unfortunately, data creeps out of place. Users are the enemy of categorized data, and even a highly organized system is likely to find that sensitive data has been saved to relatively unsecured locations. In that case, it’s best that this displaced data is still protected by the most up-to-date operating system available.

III. Five Reasons to Upgrade from Windows 7 Today

You have less time than you think. Windows 7 is going end-of-life in January 2020 - less than six months from the time we’re writing this. The early data shows that most companies are emphatically unprepared for this deadline. Almost 20% of organizations have no idea when the deadline will hit, and only 6% know when the deadline will hit – but still have no plans to make the change. In other words, nearly a quarter of organizations will be left stranded by the end-of-life deadline.

If your organization still has Windows 7 terminals in the pipeline to upgrade, you may not be feeling any particular urgency. After all, the end of Windows 7 support doesn’t mean that your computers will cease to operate. With the absence of new features or security upgrades, however, they’ll become that much more vulnerable and difficult to use. Here are five reasons why you need to accelerate your Windows 7 upgrade plans if you haven’t done so already.

1. Windows Security Concerns are Accelerating

Malware is getting more advanced as time goes by – and that goes double for unpatched end-of-life systems. You can’t simply hide unpatched systems behind a firewall, as the continued growth of cloud services and remote work exposes your critical infrastructure beyond the reach of a secure perimeter. New vulnerabilities affect old operating systems all the time, with security researchers discovering over 16,000 per year as of 2018. 76% of attacks now make use of previously undiscovered vulnerabilities or fileless malware that can evade antivirus. With Windows 7 going end-of-life, Microsoft will not patch these vulnerabilities, making your computers extremely insecure.


2. Obsolete Operating Systems Break Compliance

If your industry is governed by a compliance regime such as PCI-DSS, HIPAA, SOX, or the GDPR, you have a responsibility to protect your critical data. Violators can receive expensive fines or even jail time in some cases. Here’s a hint: storing critical data on an insecure system is not going to impress auditors. You either need to move all data that could be considered sensitive off your Windows 7 endpoints or upgrade them to Windows 10. Guess which job is easier?

3. Old Computers Slow Down Productivity

Have you ever tried to check your mail, edit a long word document, or navigate the internet on an old computer? It’s not the best. Windows 7 endpoints will be unable to open the latest file formats, run the latest applications, or browse media-rich websites. Your workers will be behind the curve in an era where nearly every company is implementing a digital transformation. The average worker can waste 40 minutes a day because of slow or obsolete technology. Failing to upgrade from Windows 7 will make the problem even worse.

4. Operating Legacy Hardware Will Eat Your Bottom Line

As it turns out, you can hire Microsoft to get you the latest patches and upgrades for Windows 7, even after January 2020 – but it won’t be cheap. You will pay $50 per desktop in the first year after Windows 7 goes end-of-life, but that cost will rise to $200 per device by year three. Extended support will become unavailable thereafter. If you’re maintaining a large stable of Windows 7 computers, you can either pay to keep them secure, or receive free updates with a Windows 10 License.

5. Obsolete Computers are a Sign of Obsolete Infrastructure

If you’re a dedicated IT admin, it can be easy to prioritize the many projects you have over the unseen threats to your endpoints. However, if your desktops are obsolete it’s likely that your servers and switches are as well. 64% of organizations are boosting their IT infrastructure in 2019 out of necessity to keep up with the latest technologies. Instead of spending extra IT budget dollars due to outdated desktops, imagine what you could accomplish if you were able to spend those budget dollars on innovation?

NexusTek Helps Make Upgrades Simple

If you suddenly need to optimize your endpoints, NexusTek can help. Our managed IT services allow you to focus on your core job functions while we perform the meticulous work of getting your technology ready for a new OS. While you focus on building your company a better future, we’ll help make sure that your infrastructure is ready for the present and beyond – contact us today for more information!
