Microsoft officially ended support for Windows 7 on January 14, 2020. This means that technical assistance and software updates from Windows Update that help protect your PC are no longer available. It also means that Microsoft will not take responsibility for loss of data due to security breaches on Windows 7. We strongly recommend that you move to Windows 10 – if you haven’t done so already – to avoid a situation where you need service or support that is no longer available. In other words, Windows 7 is dead.
A hacker’s goal is to infiltrate organizations and exfiltrate data as quickly as possible. An easy way for them to accomplish this goal is to exploit unpatched vulnerabilities within unsupported software. When software is EOS, the version no longer receives critical updates making it vulnerable to security risks, bugs and other issues that will not be patched. This means that once a hacker develops an attack after January 14, 2020, there will NOT be a new patch to protect against this attack, so anyone on an unsupported software version will be vulnerable.
Hackers may not exactly know if you are or are not on Windows 7 but that’s not what matters. Hackers aren’t writing programs to specifically target Windows 7 users; they run programs to find open ports/vulnerabilities in networks. Once the program finds one, it will constantly peck away at passwords until it reaches the right one. These programs can run tens of thousands of possibilities in a short time span before they decide to move on to the next target. Because Windows 7 no longer has security support, if there is a vulnerability that is found today, then the hacker can catch you on a certain site and exploit that unpatched vulnerability to gain access to your machine.
With today’s modern threats, older platforms can be infiltrated more easily because those platforms don’t have the built-in defense stack that is now available in Windows 10. According to Microsoft, Windows 7 devices are 3.4x more likely to be hit by ransomware than Windows 10 devices.
In addition, any regulatory compliances that address data security (such as HIPAA) would cause an issue if security updates are not available for your operating systems. We address parts of this in our previous HIPAA webinar which can be found here.
As an organization, proprietary information is your livelihood. To maintain the integrity of your data and your client’s data, upgrading to Windows 10 should be a priority. If you have questions about this process, please reach out to us at firstname.lastname@example.org.