Should You Upgrade From Windows 7: Threat and Vulnerability Management
At TSI, we have years of experience managing the computer systems for over 160 New England organizations. A large part of that job involves making sure that all software and operating systems being used by these businesses are up to date and secure – something that requires a proactive approach to the task to say the least.
A lot of times, updates and software patches are the types of back end duties that go unnoticed and, dare I say it, underappreciated. However, it’s something that is critical to maintaining the health and, most importantly, security of our clients’ systems.
Now that Microsoft’s Windows 7, one of the most popular Windows releases of all time, is officially reaching its end of life, operating system upgrades are at the forefront again. In this piece, I’d like to explain what exactly the end of life for Windows 7 actually means, along with why upgrading your business’ operating systems before the end of the year could be the most important move you make.
What Does End of Life Actually Mean?
According to Microsoft’s own website, the Windows 7 operating system will receive no further security updates or support of any kind after January 14, 2020. This means that hackers will soon be able to dive deep into the Windows 7 code and engineer new viruses or malware strains designed to take advantage of any vulnerabilities they find, and Microsoft won’t be issuing any updates to protect against them.
This also presents major implications in terms of compliance, something that requires a proactive touch and a high degree of vigilance to maintain in the long-term. For example, all United States defense industrial base and defense contractors must meet DFARS compliance requirements, which includes taking appropriate measures to prevent cyber incidents from occurring , as well as the analytics to isolate the issue and it’s root cause. By virtue of the fact that your machines will no longer be receiving security updates, you open yourself up to not being breach, but also the possibilities of penalties or lost contracts that come as a result of violating DFARS compliance regulations.
The same is true of other compliance types, like HIPAA. While it’s true that HIPAA has no specific rule that says “running Windows 7 after January 2020 is a violation,” it also states that you need to have procedures in place for “guarding against, detecting and reporting malicious software.” Any unsupported operating system doesn’t just make this difficult – it makes it largely impossible. The same is true of PCI DSS compliance (which applies to companies of any size that accept credit card payments), and CMR-17 compliance (which regulates companies that either exist in or do business in the state of Massachusetts).
The Time to Upgrade is Now
While it’s true that upgrading from Windows 7 to a new operating system across your enterprise is a large job, the good news is that you still have a little under a year to make sure that things go as smoothly as possible. To get to that point, you just need to keep a few key things in mind.
First, you need to understand that you’re dealing with something of a rolling timeline – especially when it comes to the software you’re currently using. For example, the next version of Microsoft Office 2019 will only be compatible with Windows 10. It will certainly be released before that January 2020 date, which means that even though Microsoft will still technically be supporting your operating system – your productivity software won’t be. By that time, you’ll need to make the leap to either the subscription-based Office 365 or some other compatible solution.
This is likely a situation you will run into with a lot of the other programs you depend on daily, so you need to know when you will lose compatibility with these solutions and take action prior to those dates to avoid any type of business disruption on your end.
Likewise, you should understand the compatibility between your current hardware and the operating system you’ll be upgrading to, as well as evaluate all of your mission critical systems in order to verify their compatibility with a new OS. If those assets don’t support an upgrade, you’ll need to invest money in updating them (or buying new ones) prior to the January 2020 end of support for Windows 7.
In the end, the most important thing to understand is that if you want to prevent Windows 7 from becoming a threat of costly downtime to your business, major action will be required. But success to that end is less the product of one major move and is more about a series of smaller ones. By understanding your enterprise as it exists today and learning about what state it needs to be in by January of 2020, you’ll be able to break the process down into a series of smaller, more manageable steps to guarantee that everything runs as smoothly as possible on January 15, 2020 and beyond.
Ready to Plan Your Upgrade?
At TSI, ensuring our clients' security through operating system updates is always a top priority. If you're organization could use the help of a forward thinking partner like TSI with upgrading from Windows 7, or any other IT related issues, we'd be happy to hear from you.