“Who is General Failure and why is he reading my disk?”

- Unknown

XP End-of-Life and your Business

I’m sure you know by now, but Microsoft’s end of support for Windows XP, on April 8th of this year, is fast approaching. What effect will this have on your business?

You wouldn’t think that killing an operating system that is 13 years old would cause a widely felt impact, but as of the beginning of this month, almost a third of computers world-wide were still running Windows XP, according to NetMarketShare. How many of those computers are within the walls of your business? It’s not as though your users will be unable to boot on April 9th, but what consequences will it have, if any?

You may think you’re safe because you have a firewall, an up-to-date antivirus, or all of your important business information is hosted in the cloud. The fact is that Microsoft’s ongoing security updates provide an important line of defense against malicious code by patching the holes that are continually found and can be exploited. In the event that something or someone does exploit your users’ computers, that something or someone may be able to gain access to your corporate network infrastructure or, even more, those cloud services.

What about maintaining compliance with industry regulations? If you are in an industry that requires HIPAA compliance, there are a couple of reasons compelling you to upgrade, not least of which is the possibility of massive fines.

The HIPAA Security Rule lists 3 specific reasons XP will not be compliant:

  • Protection from Malicious Software (A) implementation specification 164.308(a)(5)(ii)(B) in the HIPAA Security rule is defined as: Procedures for guarding against, detecting, and reporting malicious software.
  • The Workstation Security (R) standard 164.310(c) of the HIPAA Security rule is defined as: Implement physical safeguards for all workstations that access electronic protected health information, to restrict access to authorized users.
  • The Integrity (R) standard 164.312(c)(1) in the HIPAA Security rule is defined as: Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.

Obviously, XP will not make the cut in healthcare.

What about PCI compliance?  Well, PCI DSS Requirement 6.1 states merchants must “Ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed. Install critical security patches within one month of release.”  With no more updates coming from Microsoft, XP will not be PCI compliant.

One last thing: along with XP, support for Office 2003 will end on April 8th, and it must suffer the same fate.

So, what is to be done about all this?

Well, for starters, if you’re just learning about this now, you’re almost too late. The good news is, there is still time, but not much. Microsoft offers an upgrade assistant which can help to determine if your hardware is capable of running Windows 8.1. If Windows 8 and its significantly changed “Metro UI” sounds like more of a nightmare than the risk, Windows 7 is still an available option. Whatever you do, make haste!

If you’re one of our ITG Managed Services clients, you’ve already got your upgrades planned, but if you’re not, you can contact ITG today to schedule a network assessment and we’ll assist you in determining the best course of action.
