In a Private Industry Notification announcement this month from the Federal Bureau of Investigation (FBI) about the official end of life for Windows 7, the FBI states it “has observed cyber criminals targeting computer network infrastructure after an operating system achieves end-of-life status,” and added that “continuing to use Windows 7 within an enterprise may provide cyber criminals access into computer systems.”
“As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered. With fewer customers able to maintain a patched Windows 7 system after its end of life, cybercriminals will continue to view Windows 7 as a soft target,” the FBI notice said.
Microsoft announced the end of life for Windows 7 on January 14, but thousands of hospitals, schools, businesses, individuals and government offices still use the operating system for a variety of reasons. The FBI added that in the 2017 WannaCry outbreak, 98% of the computers infected had been running an unpatched version of Windows 7.
Migrating to a new operating system can pose its own unique
challenges, such as cost for new hardware and software and updating
existing custom software. However, these challenges do not outweigh
the loss of intellectual property and threats to your privacy.
Defending against cyber criminals requires a multilayered approach, including validation of
current software employed on the computer network and validation of access controls and
network configurations. Consideration should be given to:
Upgrading operating systems to the latest supported version.
Ensuring anti-virus, spam filters, and firewalls are up to date, properly configured, and
Auditing network configurations and isolate computer systems that cannot be updated.
Auditing your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts.
If you or your business have legal questions or concerns regarding communications law, computer law, privacy, or cybersecurity law matters, including review of cyber-insurance, contact attorney Jeffrey A. Franklin at Prince Law Offices.