By now, unless you’ve been stuck on a Blackberry trying to read MySpace updates, you’ve likely heard about the end of support for Windows XP. The most recent Security Intelligence Report from Microsoft shows that when exposed to a similar volume of potential threats, Windows XP SP3 has a malware infection rate nearly double that of Windows 7, and a whopping 650 percent greater than 64-bit Windows 8.
Unfortunately, the stated risks associated with continuing to run the OS are not just Microsoft “marketing ploys” (as some believe) to get people to buy Windows 8. The risks are real. If you continue to run XP and connect to the Internet your business will very likely at some point become a target. And you’re not alone … in fact, based on recent surveys:
• 25% -30% of all computers are still using XP
• 45% of organizations still have hardware running XP
In addition to risks like your critical data being exposed and keystrokes being recorded, if you’re still running XP you may also be in violation of compliance terms. For example, in the healthcare industry this little section of the security rule: 164.308(a)(5)(ii)(B), which requires “procedures for guarding against, detecting and reporting malicious software,” could prove to be troublesome.
Similar risks also exist for PCI (credit card) and the financial industry.
So what should you do? I interviewed Scott Kinka, Evolve IP’s CTO, about the subject and he shared nine tips with me:
- Identify– Make a list of every device running Windows XP. If you’re using a machine running XP, think twice about doing this in Excel (see tip #5).
- Unplug – Where possible, disconnect these machines from the Internet. It sounds harsh, but it’s the safest choice. Many XP machines may be performing simple functions on older software that don’t need to access the Internet – so limit what they do and reduce your exposure.
- Update – be sure you are running the last version of XP as published by Microsoft on April 8th, 2014.
- Defend – Employ the latest anti-virus software and force updates from Microsoft Security Essentials, Symantec or McAfee.
- Eliminate – On XP machines, stop running Microsoft applications that access the Internet like Explorer, Outlook Express. If you must access the Internet, use Chrome or Firefox, who will continue to support the operating system for a little longer.
- Ban – never use USB drives on these computers again, they have the ability to transport malicious software from XP to your more secure operating systems.
- Avoid – Microsoft has advised XP to never open attachments or instant messages.
- Back-up – be sure to back-up all critical files and data from your XP machine onto a supported device.
- Upgrade – when you have the time and budget, prioritize your XP upgrade. Migrating to a virtual desktop environment will not only keep your business from having to deal with this issue again, it will enable BYOD for your organization and should significantly reduce your hardware costs. Categories: General
If you must keep using XP machines on the Internet at a minimum take these steps: