On January 14, 2020 Windows 7 will no longer be patched, supported or sold by Microsoft. This is a huge deal because Windows 7 is one of the most widely adopted and beloved operating systems in the world. Many business owners do not fully understand the impact of the Windows 7 end of life as it pertains to their organization. We will break down what every business owner should know and ask their IT support team about.
“Why Should I Care?”
IT Service Fees
Most small businesses work with an Managed Services Provider (MSP) for IT support. Almost all mature MSPs have language in their contracts that require computers under contract by the MSP to have “supported” hardware and software from the manufacturer. If the computer Operating Systems are not supported, as in the case with Windows 7, these machines may be subject to hourly billing for support outside of the contract. Additionally, business owners pay MSPs to patch their computers as part of the monthly IT service. If Windows 7 is not supported by Microsoft, then it will no longer be issued patches. Therefore, companies are paying for a service that is not being fulfilled. No patches by Microsoft = No patches being deployed by the MSP.
If a business has cyber security insurance, there are certain criteria that must be met for a claim to be paid. If negligence is found on behalf of the business by not taking precautions to protect the network, claims will be denied. Negligence is defined as having known, insecure systems on the network that cannot be patched. These open holes in the security of a network will prevent an insurance policy from being paid out. It is critical that businesses executives take the time to implement an endpoint security strategy with their MSP.
Hackers are purchasing malware on the dark web at an alarming pace. A recent study of hacker buying habits found that “Based on the prevalence and longevity of the malware being purchased, that there likely exist enough victims who do not comply with basic security (patching, antivirus, etc…) for (hackers) to successfully infect those systems on a regular basis (RecordedFuture, 2019).” That means- if people simply patch their machines, they are far less likely to get malware and ransomware. In order to patch a computer, there must be patches supplied by the manufacturer. Windows 7 will no longer get ANY patches after January 14, 2020.
“What Should We Do?”
Inventory Your Assets
Businesses should take the time to inventory all of their IT assets. IT Management Software should be installed on each computer in order to see what specifications the machine. Asset software will provide information on software and patches installed on the computers. Most MSPs will provide this software with their support. A detailed listing of the assets and inventory of their installed components should be available to business owners. These reports should be accessed or provided to the business owner with little or no notice. Use these reports to discuss Asset Life-Cycle Management with your MSP and stick to the plan.
Replace or Upgrade
Many computers that are less than 4 years old can be upgraded to Windows 10 from Windows 7. With the addition of some RAM and maybe a Solid State Drive (SSD), an existing computer can utilize Windows 10 with little to no issue. If a computer is over 4 years old, and your business does not have an asset life-cycle policy, it is recommended the computer be replaced with a new unit running Windows 10. The additional hardware, licensing and time spent upgrading machines to Windows 10 will not provided enough ROI on the cost.
Take the time to fully understand what the true cost is to migrate up to Windows 10 for your existing fleet. We recommend that businesses executives take deliberate action on securing their computers before the Windows 7 EOL date arrives. Many organizations who have not educated themselves on the true cost of the Windows 7 retirement. Many companies will take the “stepping over the dollars to get the dimes” approach of IT spend for system upgrades, costing more in the long run. Organizations should account for all costs before making decisions about the security and stability their end points.