With just one week to go until Windows XP is scheduled for official End of Life (EOL) on April 8, it’s clear that many businesses will be at risk of data loss if action is not taken now. Almost a third of the world’s machines are still running Windows XP, and many of these businesses are in need of security consultancy and advice to help mitigate risk past the looming April 8 deadline.
As part of Windows XP EOL, Microsoft will not only discontinue technical support but also security patches for XP, leading to a huge opportunity for security risks when vulnerabilities are made public but patches are no longer provided. Think of it like this: every time a security patch is issued for Windows 7 or Windows 8, it’s like a personal tip off to cybercriminals to look for possible vulnerabilities to exploit in XP. Helping organisations understand this risk and, importantly, the options available, the channel can not only explore new revenue streams and expand offerings, but ultimately be valued as a trusted advisor, integral to their customers’ success.
Businesses of all sizes are in need of guidance as they try to navigate through a changing and increasingly complex security landscape. We know many retailers for example, are struggling with the migration due to application compatibility issues with many Point of Sales systems only supported by Windows XP. Many retailers also don’t fully understand the risk of compliancy, such as PCI DSS, being invalidated should they continue with an unsupported and unprotected system. Providing step-by-step guidance on migration plans or advice on the short-term security measures to maintain data security, will ensure partners are best placed to offer a long-term roadmap for IT requirements.
So how should the channel approach organisations and what advice should partners give when it comes to Windows XP security? We’ve listed our top four security measures for businesses below, which should serve as a starting point to engage with any business:
- Let roles and responsibilities define privileges: All too often admin rights are given to all staff by default – the channel should educate businesses that potential security issues can be substantially mitigated by normalising user privileges according to roles and responsibilities and only giving admin rights to those who need them.
- Buffer overflow protection: Ensure customers have storage and buffer overflow protection enabled to help protect against malicious exploitation. Unsupported operating systems such as XP become a greater risk to zero-day threats, which means businesses must make use of intrusion prevention systems.
- Deploy dynamic whitelisting: To better control unauthorised software from being installed and executing on legacy systems, resellers should advise businesses to deploy dynamic whitelisting. This will reduce the need to constantly chase software updates and patches (including Microsoft patches and security updates), to keep up with the ever increasing tide of malicious software. Instead, if an application is not on the whitelist, it is prevented from executing, is reported and the endpoint remains safe.
- Make real-time visibility a priority: One of the biggest threats to businesses of all sizes is delayed discovery and remediation of attacks. Real-time visibility is critical to give companies a head-start so they can quickly identify and remediate attacks attempting to exploit XP vulnerabilities