Last week, as I sat in the exam room of my doctor’s office waiting for a consultation, I couldn’t help but grimace and shake my head while I watched a Windows XP logo slowly bounce across the monitor of the lone computer in the room. Eventually the doctor walked in, said hello, sat down at the computer, and began clicking away. As he started to ask questions about my medical history, I interrupted him and bluntly said that I did not consent to having him record my health information in his electronic medical record application if it was going to be done on a device that is unsupported and has probably been compromised by a third party in some way. He was a little taken aback and just looked at me blankly. I explained that I was a technology professional, that Windows XP devices are out of support and have been for some time, and that his patient information was highly vulnerable because of that machine. He was the one grimacing and shaking his head then. The doctor said he had no idea and would contact his IT provider that afternoon and fix the situation immediately.
Like my doctor, a lot of businesses are still going through the painful process of upgrading Windows XP devices. The operating system was supported for well over a decade and was nearly ubiquitous until just a few years ago. Microsoft watched Windows Vista, Windows 7, and even Windows 8 adoption sit at less than 10%, particularly in the business world, for a very long time. Year after year, IT departments would purchase new machines with current operating systems and re-image them with Windows XP in an attempt to reduce complexity and maintain a homogeneous environment. In April of 2014, many companies were caught off guard (despite repeated warnings) when Microsoft finally ended support for Windows XP. They were unprepared and hadn’t made the changes to their hardware and software environments that the newer operating systems require. And a lot of them were stuck with massive security vulnerabilities that they didn’t know how to get rid of or, as in the case of my doctor, didn’t realize existed.
In the rapidly changing technology world, complacency is an invitation for catastrophe. Many businesses across the globe are still feeling the impact of the WannaCry and Petya malware infections that shut down tens of thousands of machines. The most heavily affected organizations were running legacy, unsupported operating systems like Windows XP (or currently supported systems that were not patched and updated appropriately), and I guarantee you that every single one of them is wishing they had been more proactive about updating their operating systems. The pain being felt by companies suffering through operational interruptions, and in some cases complete shutdowns, due to the exploitation of known issues should serve as a warning to the business community that sitting on old technology is tremendously risky.
So, what can the average business owner do?
First, if you have any unsupported devices in your environment, get them replaced immediately. As your clients and vendors become more educated and start to take more responsibility for their digital information, interactions like the one I had with my doctor will happen much more regularly. I personally refuse to do business with companies that don’t take cybersecurity seriously, and I have more and more clients requesting assistance with business associate audit documents because their vendors or customers are taking the same stance. The dollars that you spend on replacing old equipment with unsupported operating systems pale in comparison to the business you could lose, or the damage to your competitive advantage and reputation that can occur if you get hacked.
Second, have a realistic lifecycle management policy for your technology environment. That includes hardware, operating systems, and software. A “replace it when it breaks” policy costs much more in lost productivity and downtime than proactively managing technology ever does. Plan ahead, budget for replacements and upgrades, and commit to making them happen in a timely manner. Doing things in a hurry because you or your employees can’t do your jobs until a device is repaired or replaced is disruptive and expensive. Don’t wait until your insurance underwriter won’t renew your business liability policy unless you get unsupported devices out of your environment. Technology lifecycle management planning isn’t sexy or exciting, but a well-thought-out plan goes a long way toward making expenses predictable and ensuring that you don’t fall off a technology cliff because you are driving blindly.
Third, partner with a technology expert who cares about your success. Technology changes are coming at a breakneck pace and show no signs of slowing down. Keeping up requires a tremendous amount of time and energy, and is too much for the average business person to handle on their own. Find someone you can trust and listen to their advice. The expert you choose should be experienced, well-trained and credentialed, and should refuse to make recommendations until they understand your business. Technology, when implemented properly, can help you be innovative, streamline your business, and make you more productive; however, without good planning, support, and maintenance, technology can quickly turn into a major liability. Let the experts who live and breathe technology every day take care of what they do best so that you can focus on your business and what you do best.
A couple of quick facts related to this topic:
- Windows 7 was the go-to operating system for a lot of people who upgraded from XP. However, Windows 7 will not be supported on processors built after January 2017 (Intel Kaby Lake and AMD Ryzen processors), and will be completely out of support in January 2020. Devices running Windows 7 should be upgraded or replaced with Windows 10 devices before the end of 2019.
- Windows 8 is no longer supported on new processors (the same as listed above) and is in extended support through 2023.
- Much like Windows 7, Microsoft Windows Server 2008 was heavily adopted and is extremely prevalent in business environments. Extended support for Server 2008 ends in 2020.