The Risk of Running an Old OS
Tags
tech at work smb small business pc security operating systems

and what to do about it

We all know small businesses try to squeeze the last ounce of utility out of everything they buy. But a recent report indicating most small businesses are running Windows versions more than 10 years old was still a bit shocking.
If you are a small business running an older version of Windows such as Windows 7 or earlier, it’s time to upgrade because you’re risking the security and viability of your business.
Yes, we can relate to those old adages “it’s cheaper to keep her,” and “if it ain’t broke don’t fix it.” But if you knew that clinging to your old operating system could hinder operational efficiency, cause you to lose potential customers and lead to cyberattacks, would it be worth it?
If you have an older OS, you’ve probably noticed your computers slowing down considerably. This is often because they simply can’t handle the modern applications you’re trying to use or the data loads dumping into them as you try to do more things online. It can be a real efficiency killer. In fact, 72 percent of workers say outdated technology harms productivity.
Furthermore, clinging to an antiquated OS may also be a huge turnoff for your customers. Several years ago, a Microsoft survey of about 1,400 consumers found 91 percent would stop doing business with a company because of its outdated technology.
If that’s not enough, there are also very serious cybersecurity risks to consider. Of immediate concern, Windows 7 support ends in just a few months (January 14, 2020), and there’s a serious bug out there targeting that OS. It’s called BlueKeep, and about 950,000 Internet-connected devices are prone to attack from it, according to Errata Security.
BlueKeep is technically known as CVE-2019-070 and impacts the Remote Desktop Protocol service in the older versions of Windows. Microsoft released patches for it but also declared the vulnerability as “wormable,” meaning that it can be made to self-replicate and spread on its own.
Beyond BlueKeep, a recent study by security solutions vendor BeyondTrust found there were nearly 500 vulnerabilities in 2018 affecting Windows Vista, Windows 7, Windows RT, Windows 8/8.1, and Windows 10 operating systems. Of all the Windows vulnerabilities discovered that year, nearly 170 could be considered “critical,” the report stated.
Small and midsized businesses are particularly at risk to these types of attacks because 66 percent of SMB devices run Microsoft OSes that include Windows 7 or older, according to research from Alert Logic.
Cyber security is difficult and expensive enough for big global companies to try to stay ahead of costly data breaches, but it can be disastrous for SMBs that don’t make it a priority.
Other key Alert Logic findings include that: 75 percent of missing patches are more than one year old; 42 percent of the top security issues for SMBs are related to misconfigured encryption; and 66 percent of cloud workload configuration issues are a function of weak encryption.
However, Microsoft is running a limited-time promotion for Enterprise Agreement and Enterprise Subscription Agreement customers that will give them a year of Windows 7 extended security updates for no additional charge. But as these are “enterprise” agreements, SMBs are typically excluded from these plans by cost and volume.
Yet, Microsoft also announced last September that it would offer continuing security updates for Windows 7 to businesses through January 2023 for a fee. There will be no more free Windows 7 security updates after January 14, 2020.
Microsoft will provide Windows Enterprise and Microsoft 365 users with paid Windows 7 Extended Security Updates (ESUs) sold on a per-device basis, with the price increasing each year. For the first year the Microsoft 365 ESU will cost $25 per device, then $50 per device in the second year and finally $100 per device in the third year. The Windows 7 Pro ESU will run $50 per device for the first year, then $100 per device for the second year, and $200 per device for the third year.
Windows 7 debuted in 2009, and Microsoft has given users 10 good years of support on an operating system that performed well – and perhaps, unfortunately, all too well for those tempted to stay on the vulnerable platform.
So what’s an SMB to do? Avoid the nasty malware and other potential attacks by migrating up. Move on up to Windows 10. It’s not perfect, but it’s better than giving hackers and cyber criminals more than an even chance to raid your systems or for you to suffer crippling performance problems.
Though the expense may be bothersome, it’s better to be safe. Open your wallet and get a new system with Windows 10 on it.
Enterprise plans are typically priced higher than the Pro version of Microsoft products. And while the enterprise options are typically too expensive for most SMBs, there is a level E3 license that costs less than $100 per user, per year. This level provides a software-as-a-service offering and allows Windows 10 to be installed on up to five machines per user. It also offers an upgrade path from Windows 10 Professional to Windows 10 Enterprise.
Moreover, last year, Microsoft and Intel commissioned a study by SMB research firm Techaisle that said SMB organizations across Asia Pacific, found that the cost of keeping a PC more than four years old is $2,736 per device — enough to replace the aging hardware with two or more new PCs. So why risk it? Upgrade now.
Article reposted with permission from HP Tech Takes