Windows 7 EOL. How to keep your business safe without security updates.

We all knew it was coming: on January 14th, Microsoft finally pulled support for Windows 7. 

If you’re still running Windows 7, then you’re now relying on an unsupported, End-of-Life (EOL) product - and it’s making your business the perfect target for cyber-criminals.

Since Windows 7 will no longer be receiving any updates or security patches, your business is extremely vulnerable to every new piece of malware and virus that’s created, and every new security exploit that’s discovered. 

To help keep your corporate data and your customers safe, it’s vital that you migrate away from Windows 7 as soon as possible. 

But what if upgrading isn’t an option right now? Many businesses have legacy applications and data that they need to continue to support, or perhaps migrating away from Windows 7 requires a dramatic change to your current systems or infrastructure, and you don’t have the resources available right now. 

If you can’t migrate away from Windows 7 today, then there are steps you can take to reduce the risks associated with EOL software. In this article, I’ll be sharing 5 ways that you can continue to run Windows 7, while minimizing the risk to your business. 

A disclaimer: EOL always puts your business at risk.

With Windows 7 reaching EOL, there’s no way you can continue to use it without putting your business at an increased risk of data breaches, viruses, hacks and countless other digital threats. 

If you follow the advice in this article, then you’ll significantly reduce the risks associated with Windows 7, but an unsecured operating system can never be considered safe. 

If you want to protect your business, then you should follow all the advice in this article while also taking steps to migrate away from Windows 7 as soon as possible.

1. Replace Internet Explorer with an alternative browser 

A lot of malware is delivered via the web browser, and now that Microsoft Edge has officially replaced Internet Explorer, IE is wide open to attack. 

If you’re already running an unsecured operating system, then you don’t need to add more unsecured software to the mix! To help keep your business safe, it’s vital that you switch to an alternative web browser such as Edge, Chrome, Opera or Firefox. Unless you have a specific reason not to, you should also enable automatic browser updates as this guarantees you’ll have access to the very latest version of your chosen web browser. 

If you use any browser plugins, then it’s also a good idea to perform regular audits to make sure all of your plugins are up-to-date. If a particular plugin hasn’t been updated recently, then you should check that it’s still under active development, as the developer may have abandoned their plugin. A plugin that’s no longer under active development won’t receive those all-important security updates, and you should switch to an alternative plugin wherever possible. 

2. Check the rest of your software 

When you’re running an EOL operating system, it’s crucial that you keep everything else up-to-date. 

Many programs give you the option to download and install updates automatically, so it’s worth enabling this setting wherever possible. The process of enabling automatic updates will vary between applications, but you can typically configure automatic updates in the program’s “Preferences,” “Update” or “Settings” menus, or you can refer to the program’s official documentation for more info. 

Corrupted Office documents are another common route of attack, so it’s particularly important to keep your Microsoft applications up-to-date. Alternatively, if you migrate to the Microsoft cloud then you’ll have access to the very latest version of all the Office 365 apps, without ever having to worry about updating them manually. 

Although they’re easy to overlook, Java, Flash and Adobe Reader are also popular targets for hackers, so don’t forget to keep this trio up-to-date! Even better, if you’re not actively using Java, Flash or Adobe Reader then you can always remove them from your machine, which completely closes this particular security vulnerability.
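
To find out what is actually installed before you start updating or removing software, the following PowerShell script lists the programs registered on a Windows 7 machine and flags Java, Flash and Adobe Reader entries. It is an added example and not part of the original article; the watch-list name patterns and the CSV output path are assumptions that you should adjust to your own environment.

```powershell
# Added example: inventory installed programs on a Windows 7 host and flag
# Java, Flash and Adobe Reader entries for review. Read-only: nothing is
# changed or uninstalled. Written to run on PowerShell 2.0, which ships
# with Windows 7.

# Each installed program registers a subkey under "Uninstall". On 64-bit
# Windows, 32-bit programs register under Wow6432Node, so both are read.
# Per-user installs under HKCU are not covered here.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed name patterns for the software the article singles out.
$watchList = 'Java', 'Flash', 'Adobe Reader', 'Acrobat Reader'
$pattern = ($watchList | ForEach-Object { [regex]::Escape($_) }) -join '|'

$installed = foreach ($key in $uninstallKeys) {
    # The Wow6432Node path does not exist on 32-bit Windows; ignore that error.
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
}

# Entries to update or remove first.
$flagged = $installed |
    Where-Object { $_.DisplayName -match $pattern } |
    Sort-Object DisplayName, DisplayVersion -Unique

if ($flagged) {
    $flagged | Format-Table -AutoSize
} else {
    Write-Output 'No Java, Flash or Adobe Reader entries found.'
}

# Full inventory for the wider software audit described in this section.
$installed |
    Sort-Object DisplayName, DisplayVersion -Unique |
    Export-Csv -Path "$env:TEMP\installed-software.csv" -NoTypeInformation
```

Compare the DisplayVersion values in the output against the versions currently offered on each vendor’s official website to see which programs need updating.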

3. Install a premium security suite 

Now that Windows 7 is no longer receiving updates, you’ll need to enlist the help of additional anti-malware and anti-virus software, if you want to protect yourself against new and emerging threats. 

Ideally you should invest in an advanced, premium security suite that protects against all the major security threats, including malware, viruses and ransomware, as well as more niche and specialist threats, such as cryptojacking. 

When you’re shopping for a premium security suite, make sure to check its Windows 7 support cycle. Most major security suites should continue to support Windows 7 for a while, but few companies will support EOL software indefinitely. The last thing you want is to invest time and money into setting up an expensive new security suite, only for it to become incompatible with your operating system a few months, or even weeks later! 

According to The 2020 State of the Phish Report, nearly 90% of enterprises were targeted by phishing attacks in 2019. Are you concerned your operating system is leaving you vulnerable to this growing wave of cyber attacks? Our phishing mitigation services can reduce your susceptibility to phishing attacks by more than 95%.

4. Be vigilant against security threats  

You should always be vigilant against security threats, but this becomes vital when you’re relying on vulnerable, EOL software. 

To help keep your systems safe and your data secure, it’s crucial that you follow all the latest security best practices:

Only download software from a reputable source 

Wherever possible, you should always download software from the developer or company’s official website. Although there are countless third-party websites offering free software, some of these sites wrap legitimate software inside installers that contain malware or unwanted apps. 

You should also be aware that just because a website appears high in Google’s search results, doesn’t automatically mean it’s trustworthy. Many hackers are experts in search engine optimisation (SEO) and know exactly how to score their website a prime position in Google’s search results. 

If you’re unsure whether a website is legitimate, then try searching for blogs, review websites or forums where this website is mentioned, as this will often reveal any problems people have experienced with the site. You should also be particularly wary of any website that offers proprietary software for free, as this is a strong indication that it’s a scam! 

If in doubt, then don’t put your business at risk: find an alternative place to download your software. 

Don’t get hooked by phishing scams

Phishing is a type of fraud where scammers attempt to gain access to your personal information, including your credit card details, passwords and confidential customer data. 

While phishing scams are becoming more sophisticated all the time, you should always be suspicious of any unsolicited popups, adverts, and emails, particularly if they request personal information, encourage you to click a link, or prompt you to download an attachment. 

Phishing scams are also notorious for trying to create a sense of urgency. If you receive any kind of communication warning that your account or data has been compromised, and you need to take action right now, then you should proceed with caution. 

Rather than springing into action, take a moment to verify that the communication is coming from a reputable source. You should carefully inspect the email address and contact details of the person or company in question, and think critically about how you're being addressed - a legitimate company that has access to your information is unlikely to use a vague greeting, such as “To our valued customer” or “Dear Sir/Madam.” If you’re unsure, then head over to the organization’s official website and reach out to them directly via contact information that you know is authentic. For example, all of our contact information is publicly available on our website. 

Be aware of offline scams

Security threats don’t just exist online! 

Increasingly, scammers are moving beyond emails and popups, so you should be equally suspicious of any unsolicited phone calls, voicemails and SMS. For example you might receive a call from a company offering you a great deal on their software, or informing you that your account has been compromised. 

If you’re unsure whether someone is genuine, then you can always go online and cross-reference their contact details with the organization they’re claiming to represent. You can also try putting the caller’s number into Google to see whether this returns any results, as there are plenty of websites and forums where people share information about any suspicious phone calls or messages they’ve received. 

While voicemails and SMS can be easy to ignore, if a scammer does manage to get you on the phone then they may use manipulation tactics, such as setting a deadline, using confusing jargon, or even resorting to threats. If in doubt, then remember that you can always end the call - no reputable company should try and pressurize you into handing over personal information, or push you into acting against your better judgment.

5. Consider using a virtual machine  

There are many reasons why migrating away from Windows 7 might not currently be an option. However, if the need to support legacy applications or data is the only thing keeping you on Windows 7, then you may want to consider creating a Windows 7 virtual machine (VM). 

By creating a Windows 7 VM, you can continue to run your legacy apps and access your historical data in a virtual environment, while migrating the rest of your business to a secure, supported operating system. If your Windows 7 VM does become compromised, then you can simply wipe the virtual environment and set up a fresh VM, without the breach posing a serious threat to the rest of your business. 

Alternatively, you may want to consider running Windows 7 on a physical machine that isn’t connected to the Internet. Cutting Windows off from the World Wide Web is one of the most effective ways to continue using unsupported software, without making yourself the perfect target for hackers - although in today’s Internet-connected world, even disconnecting one machine from the web might not be a viable option! 

Keeping your business safe: What’s next? 

Even if you follow all of our advice, if you’re running Windows 7 then you are putting your business at risk. 

While you’re installing extra anti-virus software, replacing Internet Explorer with a supported web browser, and auditing all your plugins, you should also be making plans to migrate away from Windows 7 as soon as possible. 

At Systems Assurance, we understand that moving your entire business to a new operating system isn’t always straightforward, so why not kickstart your migration with a free trial of Windows 10? Or, if you’re ready to migrate to the cloud then we also offer a free trial of Office 365, which includes all of Microsoft’s latest security features, including Mobile Device Management and Advanced Threat Protection. 

If you’re interested in getting your hands on a free trial of Windows 10 or Office 365, then please don’t hesitate to set up a call with one of our specialist engineers, who’ll be happy to get you up and running. 

Claim Your One Month FREE Trial of Microsoft Office 365 E5 Today.

Speak to a member of our team today 0114 292 2911 or email sales@systemsassurance.com if you need any assistance.
