Every device has an end-of-life date attached to it, just like the products you buy at the supermarket. Microsoft end of life dates are easy to find, but it’s vital to understand what they mean for your business. Computers and servers are the biggest spends associated with Microsoft end of life. While these two systems are very different, the impact of the end of service life is very similar. Generally, a computer comes with one of two operating systems. You’ll either get a Mac running Apple’s operating systems or you’ll get a PC running Windows. Both operating systems get updates regularly.
You’re Taking on Water
We’ve all seen the pop-ups warning of impending updates. The device will give you the option to install and restart now, set a time for later, or snooze. These updates contain security patches and bug fixes for your operating system. This helps keep your device and in turn your network more secure. A security patch is rolled out when a weak point is found within a system. Sort of like welding a leak on a ship. If that leak isn’t fixed it will cause problems later. When a windows device reaches one of Microsoft’s end of life dates it means the company is no longer patching those weak points.
It’s easy to look at this and go “it’s a small leak, no big deal.” Plugging the leak (think antivirus and firewall) won’t be enough. When an OS reaches the end of service life there’s a whole army of threat actors waiting to find and exploit these weaknesses. Suddenly you’re cruising around in a vehicle known to have a weak spot. By not updating the OS you’re leaving yourself and your company vulnerable to attacks.
It Can’t be that Easy
Once a known weak spot is found, threat actors immediately seek out as many machines still running this OS as they can. Since they already know exactly how to exploit this weakness, they make quick work of gaining access.
Servers are no different. Just like a computer servers have both a physical housing with accompanying hardware and software that makes them function. The operation system, or software, within the server, has an end of service life date that looms on the horizon. Currently, Microsoft server life is about five years of regular support with an additional five years of optional extended support which can be very pricey. After this support comes to an end, your company’s out of date server becomes a huge target full of private data.
Remote workers present additional weaknesses to your organization too. Companies with BYOD policies should track the operating system of every device being used to access any part of the business and require those machines to be within their support life.
My Company is Too Small to be a Target
You’re wrong. There’s no sugarcoating this, you’re simply wrong. Every company should consider itself a target for threat actors because data is valuable. If you can’t see the value in your company’s data, it’s because you are the value. Say you have a data set that is truly lacking in value to the general public. It’s still valuable to you which makes it a great target for ransomware. Your data is valuable, and your company is not too small to be a target.
Outside of becoming an even bigger target than you already are, failure to update end of service life devices will hamper your productivity. Programs work with certain operating systems. Let’s say you buy new accounting software for your tax firm. You’ve replaced several machines recently and the software works great on your Windows 10 machines, as it was designed to do. However, you’ve got five employees working off Windows 7. They’re struggling because the software isn’t designed for that operating system. You’ve drastically reduced the productivity of 5 of your employees. If one of their devices crashes while they’re working you’re less likely to recover everything that was on the machine.
Microsoft End of Life Costs
As mentioned above there is regular support and extended support. Extended support is expensive. For an EOL 2012 server, the extended support cost by year goes as follows: one year = 75% of the initial license cost, two years = 100 %, and three years = 125%. The kicker is after three years you still must purchase a new server. It makes far more sense to simply purchase the new server. It’s important to note EOL 2012 servers are already past extended support and should be replaced asap.
Let’s say you choose not to update, still believing your company isn’t a target. Your company suffers a cybersecurity incident, we’ll say ransomware. A threat actor has gained access to your system and had some time to do some digging around, now they know exactly how much cash on hand your company has. They would then attempt to ransom your data back to you for that exact amount of money. Here’s the real kicker, they’re a criminal so you pay that money, who’s to say they return your data? How do you know they didn’t install a foothold in your system to do this again? How do you know the software they’re using will even work? It’s not like hacking software is regulated.
End of Service Life: The Bigger Picture
Another huge cost to consider is your company’s reputation. Both your customers and vendors now have to analyze the risk of doing business with you. “But we have Cybersecurity insurance.” Cybersecurity insurance doesn’t cover relationships and reputation. It also doesn’t insure your data.
Yet another cost: compliance. That’s right, your compliance depends on supported operating systems for both computers and servers. HIPAA Journal gives detailed look at the cost of a HIPAA violation. If you’re keeping track, we’ve now spent the cost of data recovery, the downtime and loss of productivity, the loss of trust with both vendors and clients, and the fines. Don’t forget the hacker knew how much cash you had on hand and leveraged it all against you. This is a potentially business-ending incident.
Heed the warnings: update the operating systems, and update the servers. Hire professionals to help you navigate these obstacles along the way. Many small and medium businesses reap the benefits of hiring a managed service provider. Reach out to Hill Country Tech Guys today and we’ll help you set up a plan tailored to your company’s needs, and we’ll keep track of the growing list of Microsoft end of life devices for you.