First, Microsoft announces it will be pulling support for XP, the operating system still utilized by hundreds of millions of computers.  Second, a security flaw in Internet Explorer, making users of IE vulnerable to hackers seeking to collect private information.  

American IT specialist Sarah H McMullin.

Finally, Microsoft announced a patch to fix the bug in IE and also included a fix for XP users who expected to see an end to all patches and support.

So what does this mean for business owners and enterprise users of XP?  Are they safe staying with what they know and avoiding the cost of an upgrade?  Will patches keep coming despite the announcement they are finished?

In a word, no.  Remaining on XP is not a safe choice.  This recent security threat and the need for an XP patch to fix the problem only exposes how dangerous it is to keep secure information on a machine running a system hackers know won’t receive security updates.  

Even if the updates were to continue, and Microsoft assures they will not continue, XP has a target painted on its back, and no business should risk storing sensitive information on vulnerable machines.  Even companies who do very little work on computers should still make an effort to protect any employee data or account information stored on their dormant devices.

This potential threat is especially relevant for any business with information that is subject to Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accessibility Act (HIPAA), or Gramm-Leach-Billey Act (GLBA) legislation.  

While these regulations don’t specifically ban using old operating systems, they do require that information must be protected from threats in security, and holding onto a system that will not receive updates might be considered a violation of that requirement. In a more generally applicable scenario, a customer who sees their data being input into a screen with XP in the corner might hesitate to invest their trust because of those two letters, and losing trust means losing business.

What can organizations do now that the time has already passed for continued XP support?

Before doing anything else, they should check for the XP update.  If the update was not done automatically, they must assure that the most recent patch for XP is installed so all machines are as current as they can be.  

Second, if using XP is vital to continued operation of the business, maybe because of an expensive piece of legacy software, companies should consider virtualization.  

Running on a “virtual machine” will have the familiar look, functionality, and compatibility of XP but within the safety of a protected environment.  If virtualization isn’t necessary or reasonable, a full upgrade to a more modern operating system like Windows 7 or 8 is in order.

While upgrading operating systems, and potentially also computers, might seem costly, it is not necessarily out of reach.  Cloud technology allows businesses to operate without the need for uber-expensive machines for each user and offers the benefit of being able to expand and contract IT budgets much more nimbly as demand dictates, saving money through improved efficiency.  

Of course the potential cost to a business if a security breach occurs could be catastrophic.

As always, even after updating and upgrading, users should be aware of emails and links that look suspicious or ask for personal user information.

Sarah H McMullin