Welcome to our Autumn IT Security Update and what great timing as October is officially Cybersecurity Awareness Month! With the recent launch of Microsoft’s new Windows 11 operating system in the news prompting many people to consider an upgrade, Jamie looks at what the true cost could be to your business of not updating to a supported operating system, and why it makes sense to upgrade ‘when the time is right’.
The true cost of not updating to a supported operating system is usually not known or understood until something awful happens. It then becomes very apparent that stalling on upgrading was a very bad idea. Stolen data, ransomware, business unable to operate… all because of an unsupported operating system.
What does it mean when an operating system is no longer supported, and why is it a risk?
If an operating system is no longer supported it no longer receives any security updates, which can greatly impact your cybersecurity. When an operating system is current and supported, security patches are released regularly to address any IT security issues that have been found since the last update. Some of these updates are so important and serious that they are released outside of the normal regular patch routines.
It is worth noting at this point that although Microsoft has just released its new operating system, Windows 11, support for Windows 10 will continue until 14th October 2025, so you do not need to rush into a Windows 11 upgrade. In our experience it’s far better to wait until at least the first major update is released, which will probably be in the next few months. Early adopters of new operating systems can often find themselves the victims of many teething problems. Rest assured that we will advise customers when we feel the time is right.
Both the good guys and the bad guys (hackers) are constantly searching for IT security issues (or exploits). The only difference between supported and unsupported operating systems is that when an operating system is no longer supported, only the bad guys still look for exploits! They will often target these operating systems as they know there will still be many of them in use. As an example, in Jan 2021 there were still over 100 million Windows 7 machines running across the globe, even though support for Windows 7 finished on 14th Jan 2020.
So, at the point that an operating system becomes unsupported, the updates stop and, as time passes, the list of vulnerabilities grows and grows. As nobody is patching the operating system, it gives the hackers a list of options to exploit should they ever come across such a machine.
Here’s a scenario.
Let’s assume that your business has 20 computers running Windows 10 (latest build) and one Windows 7 machine that is only used for a specific function – but it’s on the network. One of the users on a Windows 10 machine unknowingly clicks on a malicious link in an e-mail, which allows a hacker to gain some access to your network. They only have limited access on the Windows 10 machine, but they scan the network and find the Windows 7 machine. They then focus their efforts on that Windows 7 machine and use available unpatched exploits to gain better access to the network, maybe even gaining administrator credentials. At that point, it’s game over and terrible things could happen to your business.
Of course, unsupported operating systems don’t just apply to computers and laptops, and there are a lot more than just Microsoft Windows operating systems out there.
Your mobile phones also run operating systems. Most people these days are either running iOS (Apple) or Android on their phones. So, if you aren’t patching your mobile phone, you should be. And if it’s no longer receiving updates because it’s unsupported by the vendor, then you should consider upgrading it as soon as possible or heavily limit the personal information you carry around or access on this device.
All mobiles are targets for cybercriminals because of the huge amount of personal information we carry around with us these days. From photo storage to banking apps, hackers know the immense value of the data stored on our phones! Another thing to consider is that it’s important to stick to the known respective stores for apps and to update your apps regularly as well, as they act as another point of entry for hackers.
Businesses should put cybersecurity policies in place to stop or ban unsupported mobile devices accessing their company data. One way to do this is to set up policies that will prevent older unsupported phones from connecting to your company data.
If you are running out-of-date software or have any questions concerning your business’s operating systems or cybersecurity in general, please contact your account manager or firstname.lastname@example.org to discuss your options.