Goodbye Windows 7: How End of Life Products Affect Your Small Business’ Cybersecurity

Windows 7's status will officially be End of Life in January 2020. Here's what you should do to prepare your organization and how you can plan for the future.

What does End of Life mean?

Windows 7 is an operating system (OS - the underlying software that makes all other computer operations possible), and its official status will be End of Life (EoL) on January 14, 2020. EoL is a designation for software or hardware that is no longer supported by the manufacturer. In such cases, new vulnerabilities (flaws) that are discovered will not be patched, which leaves any computers running Windows 7 more vulnerable to hackers.

Currently around a quarter of computers are still running this OS, many of them likely at small businesses without dedicated IT teams to keep computers up to date. How could this upcoming deadline impact your small business? To help you protect yourself from being hacked, we’ve compiled a few suggested actions you can take.

What should I do?

  1. Check if you’ve got Windows 7 computers. Obviously if your business is all on the latest version of Windows, macOS, or some other OS, then you’re good! Check your asset inventory if you’ve got one, or if you’re not sure, follow Microsoft’s instructions on each of your Windows machines. Assuming you’ve got any Windows 7 machines, consider options 2-4 below:
  2. Do Nothing. This one isn’t really an option, but you could just ignore the impending cybersecurity risk. We don’t really recommend that, so option #3 is where you should really start.
  3. Upgrade. Staying current with your hardware and software is always the best option - patches include security fixes that keep your OS and apps up to date. In this case, you’ll also need to verify that any applications you require will run on the new version of Windows. 
  4. Isolate/segment. If you can’t find upgrades or replacements for business-critical applications, you can continue to use these machines with some additional precautions like isolating them from the internet or placing them on a segmented network. If the application doesn’t require Internet access, then keep that computer off your company network and away from the Internet. If the app does require network access, get your IT team to place it on its own network segment (your IT or networking team should know how to do that). Limiting access helps compensate for the increased vulnerabilities present in software that’s EoL.

If you go with option 3:

  1. Microsoft has a checklist that (not surprisingly) includes resources pointing you to their SaaS product offering, which includes device management like ongoing updates to the OS. This will help you fix the current problem, and also provide a way to continuously stay ahead of these risks in the future.
  2. Upgrade individual computers that can run the latest version of Windows, and replace those that can’t. 
  3. If you have vital applications running on any of these machines, make sure you can run those apps on your new OS version. If not, find upgrades or replacements for the apps.

Planning for the Future 

Once you’ve handled any Windows 7 machines you currently have, the obvious question is: how can you avoid this in the future? To help keep your IT resources current, consider some of the following strategies:

  1. Include license and EoL data in your risk assessment. This will allow you to get a routine view of potential risks, including expiring licenses and soon-to-be obsolete software. Knowing these risks ahead of time and finding mitigation strategies can help prevent a scramble when you find out a particular piece of software is obsolete. 
  2. Favor portability. Ensure you consider portability when choosing software. Does this app offer versions for both Windows and Mac? Better yet, is it available as a web application that can work anywhere? Software-as-a-Service (SaaS) gives you some great options for portability, with apps that are continuously patched and can function across different operating systems. This makes it easier to keep the entire system up to date without being hamstrung by dependencies. 
  3. Consider system lifecycles as part of operational risk management. That’s a really fancy way of saying “realize you’ll have to upgrade/replace software at some point”. Part of maintaining your company’s IT systems should be a plan to replace them. Knowing ahead of time and planning to gracefully replace an application is always simpler than being caught off guard or, worse, suffering a cybersecurity breach due to outdated software. Review your IT systems as part of operational risk management, and identify strategies to update or replace systems before they reach EoL.
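
One way to put strategy 1 into practice, and to answer the earlier "do we have Windows 7 machines?" question from an asset inventory. This is an added example, not code from Zeguro or Microsoft. The inventory rows, hostnames, CSV column names and the product "ExampleLedger 4" with its date are constructed; only the Windows 7 date comes from the article.

```python
import csv
import io
from datetime import date

# Lifecycle table: product -> end-of-support date.
EOL_DATES = {
    "Windows 7": date(2020, 1, 14),         # date given in the article
    "ExampleLedger 4": date(2021, 6, 30),   # constructed product and date
}

# Constructed sample inventory; column names are an assumption.
SAMPLE_INVENTORY = """hostname,product,business_critical
front-desk-01,Windows 7,no
accounting-02,Windows 7,yes
accounting-02,ExampleLedger 4,yes
laptop-07,Windows 10,no
"""

# Review order: already unsupported, then expiring soon, then no data, then fine.
RANK = {"EXPIRED": 0, "EXPIRING": 1, "UNKNOWN": 2, "OK": 3}


def eol_findings(inventory_csv, today, horizon_days=180):
    """Return one finding per inventory row, most urgent first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = row["product"].strip()
        eol = EOL_DATES.get(product)
        if eol is None:
            # No lifecycle data is itself a finding: the risk cannot be assessed.
            status, days_left = "UNKNOWN", None
        else:
            days_left = (eol - today).days
            if days_left < 0:
                status = "EXPIRED"
            elif days_left <= horizon_days:
                status = "EXPIRING"
            else:
                status = "OK"
        critical = row["business_critical"].strip().lower() == "yes"
        findings.append({"hostname": row["hostname"].strip(), "product": product,
                         "status": status, "days_left": days_left,
                         "critical": critical})
    # Within a status, business-critical systems come first.
    findings.sort(key=lambda f: (RANK[f["status"]], not f["critical"], f["hostname"]))
    return findings


if __name__ == "__main__":
    for f in eol_findings(SAMPLE_INVENTORY, today=date(2019, 10, 1)):
        print(f["status"], f["hostname"], f["product"], f["days_left"])
```

Rows that come back `EXPIRED` or `EXPIRING` and business-critical are the ones to weigh first against the upgrade and isolate/segment options above.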

Zeguro is a cyber safety solution and insurance provider for small to mid-sized businesses (SMBs), offering a comprehensive suite of tools for risk mitigation and compliance, as well as insurance premiums that are tailored to the size, sector and profile of a company.
Written by Aaron Kraus, Director, CyberSecurity

Governance, regulatory & compliance auditor; Award winning cybersecurity trainer & industry speaker.
