Windows 7 and Windows server 2008 end of life: How they put your business at risk

Windows 7 and Windows server 2008 end of life: How they put your business at risk

January 14, 2020 is an important date for businesses. Also known as Windows 7 end of life (EOL), it’s the date when developer support and updates, including security patches, come to an end for the very popular operating system (OS).

Using Windows 7 past this date will be considerably risky for any business that does so. Like other security experts, Microsoft discourages the use of any out-of-date and unsupported software, as they might become an open door for the hundreds of thousands of new malware instances daily. It released an official statement and warning: "You can continue to use Windows 7, but once support ends, your PC will become more vulnerable to security risks. Windows will operate, but you will stop receiving security and feature updates."

After January 2020, Microsoft will pour all of its support and energy to bolster its latest OS, Windows 10. Upgrading to the newest Windows version means you’re assured of automatic security updates that will protect your business from the latest cyberthreats.

Security and compliance risks

You may think that your business is too small and insignificant to be a target for hackers. According to reports, this is not true. In 2018, for instance, nearly half of all cyberattack targets were small businesses, rising by 425% from the previous year. And according to Verizon’s Data Breach Investigations Report of 2019, 43% of all data breaches targeted small businesses.

By using an operating system that’s no longer receiving security updates, businesses will also go against regulations that strictly protect personal data, such as customer and patient information. They risk big fines and reputation damage due to noncompliance with industry-related data security regulations like the General Data Protection Regulation (GDPR), Payment Card Industry Security Standards Council (PCI SSC), and Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The penalties of being in breach of regulations are severe. But if you’re not scared of the penalties for these violations, the organizations that do business with you may well be. They’re under the same strict regulations as you. For example, if you’re an eCommerce company that lacks PCI SSC compliance, big credit card companies like Mastercard or Visa will not work with you.

Windows server 2008 EOL

On the same date, January 14, 2020, Windows Server 2008 will also reach its EOL. For businesses that rely on this operating system for its servers, this will be bigger news than the need to upgrade Windows 7. When Microsoft stops supporting Windows Server 2008 completely, businesses that rely on it will have their entire network vulnerable to cyberattacks. Hackers will use that opportunity to target businesses that remain on Windows Server 2008 after EOL.

Also, an out-of-date server system will not pass independent compliance audits.

After-effects of malware and data breaches on business

The following stats prove why the security of your operating systems should be a priority. In 2017, Vipre Security reported that 66% of small- and medium-sized businesses closed their doors after a breach. Things have not changed much in two years; today, it is down only to 60%.

The average cost of a cyberattack is around $3 million. This amount takes into consideration the ransom paid by a business due to ransomware, the cost of data lost, sustained system outages, downtime, regulatory fines, legal fees, and even potential lawsuits. According to Keeper Security and Ponemon Institute’s 2018 State of Cybersecurity in SMBs, downtime accounts for a big portion of this cost, around $1.56 million.

But don’t be deceived by this $3 million liability tag. Actual costs can go so much higher, as in the case of the AMCA data breach. Not including direct damage such as ransom or downtime, the amounts the company spent were $4.2 million to report the breach plus $3.8 million for notifications. Worse, these costs don’t include penalties and lawsuits.

Other reports show that businesses spent an average of $879,582 because of the damage or loss from a cyberattack. It doesn’t end there, as disruption to normal business operations yielded a loss at an average of $955,429.

Then there’s reputational damage. In an age of identity theft, customers and potential leads value their privacy and will avoid companies that can’t be trusted with their personal information, including social security and credit card numbers.

A managed services provider (MSP) can help with upgrading your software and hardware, for better security and proper compliance. At Netquest, we take on these responsibilities so our partners can focus more on expanding their business, knowing that they have a robust and secure IT infrastructure to do so. Find more about our services and industry solutions. Talk to us today.