

It is important to us, as industry leaders, to keep our customers informed and up to date with the most current security trends. With 27+ years of information around security management across Risk, Privacy and Technology Services, as well as designing, deploying, and re-engineering efficient enterprise-wide security solutions, it is my goal to provide you with information that will keep your business secure. I hope that you will find this and subsequent newsletters informative and valuable in advancing your knowledge of the security space. We are here to support you; please look to us as your experts.


Afzal Bashir
Chief Information Security Officer



After January 14, 2020, Microsoft will no longer provide support for Windows 7 and Server 2008.

Once support has ended, your computers will continue to work; however, you will no longer be able to get technical help, software updates, or necessary security patches from Microsoft. In short, your system will be more susceptible to viruses and other malicious attacks.

To reduce this risk, we recommend that businesses prioritize migrating those PCs to Windows 10, and servers to Server 2016 or 2019, as early as possible.

Upgrading software or hardware across the organization can be challenging, specifically for smaller businesses that lack the required resources, and then there is the financial impact. But consider the much higher financial implications of a data breach. According to the latest study from IBM, the cost of a breach has risen 12 percent over the past 5 years. The global average cost is $3.92 million per data breach, compared with $3.86 million and $3.62 million in 2018 and 2017 respectively.


It is also important to recognize which industry your business falls under. The chart below highlights the average cost of a data breach for the top five industries.

[Chart: average cost of a data breach, top five industries]

The average cost per record for healthcare is $429, more than double that of any other industry at $150 per record.

The U.S. ranks at the top of the list when it comes to the cost of a data breach, at $8.91 million, followed by the Middle East at $5.97 million. The chart below shows the top five countries or regions.

[Chart: cost of a data breach, top five countries or regions]

Let’s face it, Windows 7 and Server 2008 are ten years old, and hackers have had plenty of time to figure out their vulnerabilities. Windows 10 comes with several features that will help improve your overall security posture. Microsoft has made great strides with Windows 10 when it comes to security features that protect against the latest ransomware attacks that struck Windows 7 and earlier versions. In large part, this is because Windows 10 forces security updates, where Windows 7 allowed users to control the updates. This greatly reduces the window of risk during which hackers can take advantage of the vulnerabilities. Ransomware attacks have increased in recent years and have left organizations crippled, primarily due to running unpatched Windows operating systems. For example, in 2017, WannaCry affected hundreds of thousands of Windows 7 PCs, while those running Windows 10 were not affected.

Another critical area companies should focus on as part of their Information Security Program and Data Governance controls is “Data Encryption”.

Windows 10 has built-in encryption tools that can help protect data if a device, including a USB drive, is lost or stolen. This is especially important if your business is responsible for safeguarding regulated data, such as under MA 201 CMR 17, GDPR, or HIPAA, or even your company’s intellectual property.

Upgrading to Windows 10 and Server 2019 also brings performance and compatibility improvements. And if your hardware is overdue for an upgrade, typically when it is over 4 years old, it may be the perfect time to purchase new devices that are built to take advantage of Windows 10, which can increase performance and improve productivity. If you have application compatibility concerns, work with your application vendor to get the application updated so it can run on Windows 10. In addition, work with your managed services or hardware procurement partner to assess your device lifecycle plan and migration to Windows 10.

If upgrading is not possible within the time available, you may consider some other risk reduction methods, such as:

Endpoint protection — installing additional anti-virus and anti-malware software that also has the capability to whitelist and blacklist applications. Enabling this control reduces the risk of malicious code running on the computer.

Network Restrictions — work with your network team and determine if you can isolate these PCs from the rest of your network.

Access Control — review the accounts that have access to these PCs, ensure they have the minimum access needed to perform their jobs, and lock down local accounts, which may reduce the spread of ransomware attacks.

However, these measures should be a stopgap solution for older operating systems until those unsupported Windows devices can be upgraded to the latest version of Windows. They should also be considered as general improvement controls for your Information Security Program.