There was some consternation in the Grant McGregor sales room last week. We had received a call from a company we hadn’t worked with before. They were looking for a new IT partner.
So far so good: obviously we can help with that.
However, the requirements the new company had of any prospective partner soon challenged our simple notion that we could help. The company wanted to find an IT partner that wouldn’t force it to upgrade its operating system from Windows 7.
Microsoft is withdrawing support from Windows 7 on January 14, 2020. But, despite this, the company wanted to continue to use that version of the Microsoft operating system.
Hence our consternation. We know our customers depend on us for our reliable IT support and our expert advice. We’d be failing on both measures if we didn’t explain why upgrading is so important.
When Microsoft withdraws support for Windows 7 on January 14 next year, it will cease all technical assistance and automatic updates for the product. This means the necessary security upgrades and patches will no longer be made.
This leaves a huge potential security vulnerability right at the centre of your IT estate. Hackers and cyber criminals are continually searching for new methods of attack. To keep up with and protect against their latest attack vectors, all software and operating systems require regular updates.
Once Windows 7 ceases to have such updates, its users will be left exposed to attack. And these attacks are guaranteed to happen.
The risks of failing to keep your operating system upgraded were highlighted most spectacularly in May 2017.
This was the month that the WannaCry ransomware cryptoworm, which targeted computers running older versions of the Microsoft Windows operating system including XP, spread around the world. It affected many NHS organisations, international banks and even Deutsche Bahn. The cryptoworm encrypted data on infected computers and demanded ransom payments in Bitcoin cryptocurrency. It was estimated to have affected more than 200,000 computers in more than 150 countries – at a cost ranging into the billions of dollars.
The most galling aspect of the WannaCry attack was that it was all completely preventable. Microsoft had previously released patches to address the vulnerability WannaCry exploited. WannaCry spread because some users had not applied the patches, or they were using older Windows systems that were past their end-of-life (and which, therefore, no longer had security patches for them released).
It was no coincidence that NHS organisations and banks were amongst the users that fell foul of the WannaCry virus. These organisations often have aging legacy equipment that is based on old technology. Some of this is because they are using bespoke or privately developed apps – often, in the case of the banks, on old mainframe equipment.
The price of upgrading these old systems to make it possible to operate them on modern operating systems is simply too high. Furthermore, the piecemeal way they have often been developed and expanded over time creates a complexity that is a major barrier to their replacement.
In the case of the NHS, this problem is exacerbated because of the lack of funds in the system at the time. Even if the apps being used would have worked on Windows 10, upgrading software and operating systems simply wasn’t a priority in an “austerity” era.
Even if you are grappling with a lack of funds and/or the complexity of upgrading legacy apps running on outdated operating systems, the decision not to upgrade is a bad strategy… as those who fell victim to WannaCry found out the hard way.
In the case of WannaCry, the burden of infection was immediately felt. With systems down, manufacturing plants such as Renault and Nissan closed – resulting in significant losses.
As ever, the big organisations made the news but there were many small businesses affected and although the losses were scaled, they were devastating, nonetheless.
Some other affected organisations chose to pay the ransom demanded – with no guarantee that they would get the encryption key required to retrieve their data or that the attack wouldn’t happen again.
Any business that has suffered from an attack like this will tell you that the results of suffering from a cyber-attack are felt long beyond the immediate few days after.
When systems are down, customers are forced to go elsewhere. Their trust in your business, your ability to deliver when they need you to, and your ability to protect their information is undermined. Not only that, but they will have established a relationship with your competition – who stepped in to help when you couldn’t. These changing loyalties could amount to a significant chunk of lost revenue over the long term.
GDPR adds a further financial risk to the equation – if you have lost sensitive data because of a failure to keep systems updated, you certainly aren’t fulfilling the requirement to protect your customers’ data adequately. The consequence could be a large fine.
Together with the growing cyber threat, this makes it more important than ever to update and upgrade your software and operating systems. In many cases entirely new machines will be appropriate as older ones may struggle with the latest software or even not be compatible at all.
Knowing all this, you can see why the call we received from the potential customer who wanted to find an IT company that was prepared to tell them it was OK not to upgrade was a difficult one. They wanted to just get on with their business. We wanted to ensure they could, too!
If you’d like to know more about how we can help you upgrade from Windows 7, please get in touch. You can reach our team on 0808 164 4142.
If you have concerns about any other aspect of your infrastructure, we can help with that too. Remember that Windows 7, Internet Explorer and Windows Server 2008 R2 all go out of support soon.