SC Magazine reports that 44% of companies are still using Windows XP and 34% of enterprises are using a combination of Windows XP and Windows Server 2003 which will be decommissioned by Microsoft on July 14, 2015.
Apparently, many businesses are reluctant to migrate to the newer software despite the fact that older systems are no longer supported, not being patched, and are subject to focused attacks by criminals.
Whatever the reason why these companies refuse to upgrade, they are putting themselves, their customers and whomever they interact with online at risk every day.
The Target Breach should have taught businesses a hard lesson
Target was not breached because of the company’s own system failures. Hackers penetrated its cyber defenses through a contractor whose systems became infected through a social engineering scam that allowed hackers to penetrate Target’s IT systems to steal credit card data.
Anytime you interact with another company that is using outdated and unsupported operating systems like Windows XP and the soon-to-be-retired Windows Server 2003, you are at risk because those less security savvy businesses can unknowingly pass on malware, viruses and other exploits that steal sensitive information during a transaction.
For instance: Many Point-of-Sale (POS) terminals used by businesses today are still using the Windows XP OS and are a favorite target of hackers because of its vulnerabilities and the volume of credit cards they can steal.
How to protect yourself
- Always be mindful that no matter how tight your own security is, those that are less security-minded can put you at risk.
- If you are using Windows XP and Windows Server 2003 — STOP and upgrade immediately!
- Have a written Data Breach policy and make sure ALL employees are aware of it.
- Ask your trusted vendors whether they are still using Windows XP systems and/or Windows Server 2003. If they are and you still need to interact with them, be extra cautious.
- Do not allow vendors or your own employees to remotely access your business network using Windows XP computers. If you do, you’re asking for trouble.
- Keep your antivirus and anti-malware programs up-to-date and run them frequently.
- Educate your staff about security issues and how to recognize the signs of malware and virus infections on their workstations.
- Instruct employees to be very mindful and suspicious about links within emails and resist the urge to click on them, especially from senders they do not know.
- Make sure all employees know to NEVER divulge confidential information to anyone over the phone or via email. Many social engineering scams start with a phone call or innocent-looking email.
- NEVER write login information on sticky notes and keep them on computers, desks, etc. Enforce a clean desk policy at all times.
- Businesses should have their systems monitored and maintained by an IT Managed Services Provider (MSP) like XSolutions (845-362-9675) to keep systems up and running efficiently and securely. MSPs will minimize problems quickly when their monitoring systems detect issues. Businesses should not rely on break-fix computer support. The problems with this type of support are many, not the least of which are excessive network downtime and serious security issues that can arise when systems are not monitored and maintained properly.
Network security is the responsibility of all businesses and is not something to take lightly. All you have to do is turn on the T.V., read the newspapers or your favorite blogs and you’ll no doubt come across stories of data breaches and scams. These scams not only put your business at risk but also pose significant risks to your customers.
If you are a business and maintain any type of customer data on your systems — dump Windows XP and Windows Server 2003 operating systems and upgrade immediately!
XSolutions is a Managed Services Provider (MSP) and provides 24/7/365 remote monitoring, scheduled workstation and server maintenance, Help Desk Services, Cloud & Hosted Services, Backup/Disaster Recovery, and Software Development. Call us at (845) 362-9675 and see how we can help your company.