Let’s face it, Windows 7 and Server 2008 are ten years old, and hackers have had plenty of time to figure out their vulnerabilities. Windows 10 comes with several features that will help improve your overall security posture. Microsoft has made great strides with Windows 10 in security features that protect against the latest ransomware attacks that struck Windows 7 and earlier versions. In large part, this is because Windows 10 forces security updates, whereas Windows 7 allowed users to control the updates. This greatly reduces the risk window in which hackers can take advantage of the vulnerabilities. Ransomware attacks have increased in recent years and have left organizations crippled, primarily because they were running an unpatched Windows OS. For example, in 2017, WannaCry affected hundreds of thousands of Windows 7 PCs, while those running Windows 10 were not affected.
Another critical area companies should focus on as part of their Information Security Program and Data Governance controls is “Data Encryption”.
Windows 10 has built-in encryption tools that can help protect data if the device is lost or stolen, including USB drives. This is especially important if your business is responsible for safeguarding regulated data, such as data covered by MA 201 CMR 17, GDPR, or HIPAA, or even your company’s intellectual property.
There are also performance and compatibility improvements from upgrading to Windows 10 and Server 2019. And if your hardware is overdue for an upgrade, typically over 4 years old, it may be the perfect time to purchase new devices that are built to take advantage of Windows 10, which can increase performance and improve productivity. If you have application compatibility concerns, work with your application vendor to get the application updated so it can run on Windows 10. In addition, work with your managed services or hardware procurement partner to assess your device lifecycle plan and migration to Windows 10.
If upgrading is not possible within the time available, you may consider some other risk reduction methods, such as:
Endpoint protection — installing additional anti-virus and anti-malware software that also has the capability to whitelist and blacklist applications. Enabling this control reduces the risk of malicious code running on the computer.
Network Restrictions — work with your network team and determine if you can isolate these PCs from the rest of your network.
Access Control — review the accounts that have access to these PCs and ensure they have the minimum access needed to perform their jobs, and lock down local accounts, which may reduce the spread of ransomware attacks.
However, these measures should be a stopgap solution until those unsupported Windows devices can be upgraded to the latest version of Windows. They should also be considered general improvement controls for your Information Security Program.