Why Lawyers Should Take Windows 7 End-of-Support Seriously

As IT consultants for attorneys, we are all for making your technology purchases last.

Windows 7, unfortunately, can’t be one of them.

As of January 2020, Windows 7 will no longer receive security patches. If you are still running it next year, you will be actively posing a risk to your clients’ data.

In 2017, Wired Magazine published this evocative description of the expired Windows XP: “A computer running XP today is a castle with no moat, portcullis raised, doors flung open, greeting the ravaging hoards with wine spritzers and jam.” In less than a year’s time, Windows 7 users will find themselves in the same vulnerable situation.

THE HACKER-ROADMAP CONCEPT

Understandably, upgrading for its own sake seems like a waste of time and money. But this is not about keeping up with the trends. In this case, not upgrading can lead to major losses.

What makes running an expired operating system especially dangerous is something we refer to as the “hacker-roadmap.” Each time Microsoft discovers a new bug or security hole, it will announce it to the world so that organizations can apply the appropriate repairs. It is probable that previous, unsupported versions of Windows will have those same security exploits. Microsoft, however, will not be releasing patches for them. By studying the new patches, hackers will find holes through which to target expired systems.

KEEPING UP WITH SECURITY STANDARDS

The new operating systems are also evolved to keep up with changes in security standards for the internet. This is important, as more and more programs are now partially or wholly online-based.

With Windows 8, Microsoft introduced a major leap in security. Along with the enhanced framework, however, it also released a jarringly new user interface called Metro UX, which nixed the classic Start Menu. Windows 10 has added more security features for users and IT managers, and made big concessions to user-friendliness, such as re-introducing the Start Menu.

New hardware already does not support Windows 7. If you are planning on getting new PCs for the office, upgrading Windows is a prerequisite.

THE STORY OF WINDOWS XP

Windows XP offers a cautionary tale. When its end-of-life date arrived in 2014, many organizations were reluctant to upgrade despite the warnings from Microsoft.

In 2015, Windows XP was deemed a breach of HIPAA regulations-with good cause, it turned out. In a sobering example, the systems of one of Melbourne’s largest hospitals were attacked by a virus when it was still on XP in 2016. The hospital released a statement saying, “While the virus has been disruptive to the organization, due to the tireless work of staff we have been able to minimize this disruption to our patients.” Without a doubt, this breach caused a major strain on the institution that could have been avoided with a timely upgrade. It happened again in 2017 when the UK’s National Health Service XP system was infected with ransomware. No patches were available from Microsoft.

WHAT SHOULD MY FIRM DO?

Depending on the size of your firm and the complexity of your systems, upgrading to Windows 10 may be a three-to-12 month project. Start planning now so you can determine how long the process will take.

Which backend servers will need to be upgraded? Which applications will be implicated? Will you keep your systems on-premises or transition some or all of them to the cloud? Decide who on your staff will be helping, and how the project will fit into your budget. As the date draws closer, many IT companies will be fully booked with upgrades. To keep your clients safe, make sure you don’t fall behind.

Reprinted with permission from: New York State Bar Association Journal, May 2019, Vol. 91, No. 4, published by the New York State Bar Association, One Elk Street, Albany, NY 12207. Authored by Chris Owens, Chief Technology Officer at Kraft Kennedy, for the NYSBA Journal.