Windows XP may be more than a decade old but countless small businesses still use the Microsoft operating system. That would be fine, if Microsoft as of April 8 didn’t stop supporting it, putting small business owners who continue to use it at risk.
“Typically every month Microsoft would come out with patches to fix security issues,” says Patrick Thomas, security consultant for Neohapsis Labs. “After April 8th that stopped happening and now online criminals who find weaknesses can use them indefinitely.”
When Microsoft released Windows XP back in 2001, Google barely existed, Facebook wasn’t invented and nobody knew what Twitter was, let alone a Tweet. But since then times have changed, and that old operating system doesn’t address the security needs of the modern computing world, which is one of the reasons why Microsoft has finally phased out support.
While moving to a new OS that is made for today’s Internet is the best thing small business owners can do, security experts have advice for the many who can’t or won’t give up XP. There are actions to take now to protect data from the criminals who not only want sensitive information about you, but also about your customers.
“Now XP has a giant red neon bull’s eye on it. Folks still using it are significantly at increased risk online. You should not be using it for any general Web surfing or email,” says Thomas. Security experts says it’s ok to use XP if you have a legacy or esoteric software program that only works with XP, but if you are using it as the general OS for the entire office and you don’t make some adjustments, you are setting yourself up for a potential disaster.
“Not only are the malware writers looking forward to new attacks they’ve been stockpiling existing exploits they’ve found, preparing to make the maximum use when Microsoft stops patching,” says Doug Swanson, CTO of security software company Malwarebytes. “The concern from security professionals is that this could represent a pretty serious uptick of malicious software being pushed out over the next couple of months.”
If you can’t move to Windows 7 or 8 or another OS, then Swanson says you have to seriously beef up the protection of the software on the backend. That means getting users off Internet Explorer and Outlook, keeping Java and Acrobat up to date and using anti-virus software. In addition to that, Swanson says to layer a malware tool on top of the anti-virus software to increase your protection. Keep in mind that these defenses won’t replace the updates and patches Microsoft issued each month up until yesterday.
Security experts say it’s also important to educate employees about what they can and can’t do online. After all, the wrong click on social media can get the systems infected in seconds.
“If you can’t upgrade then you need to come down with a firm hand that these are work machines and they only get used for work things,” says Patrick. “Don’t go online, don’t look at cat videos and don’t install random software from the Internet.”
Being open to hack attacks is the biggest risk you face, but it’s not the only one when using XP. According to Chuck Fried, president and chief executive of TxMQ, an IT services company, if your system is infiltrated and you are using an unsupported OS like XP your insurance may not cover your legal exposure to an attack. That could mean the end of your business, if you are facing lawsuits due to a data breach and you can’t afford all the legal bills.
In order for insurance policies to be in effect, you have to use software and hardware that the vendor still provides support for, says Fried. Not to mention that if something in the OS causes your data to be deleted there’s no recourse with Microsoft.
“You want your basic infrastructure to be supported. When you go out of support you run the risk of having problems,” he says.