The End is Nigh for Microsoft's Windows 7 Operating System

Posted by Maddie McKechnie on 6 February 2019

 

Support for Windows 7 will cease in January 2020; are you prepared?

As the saying goes, all good things must come to an end. Over the recent years, Microsoft has slowly been scaling back support for the Windows 7 operating system, but in January next year support will officially come to a close.

When Windows 7 becomes end of life on January 14 2020, security vulnerabilities and software bugs will no longer be patched by Microsoft - which could leave your machine insecure, glitchy, and incompatible with many modern software programs.

The easy answer is to upgrade to a Windows 10 machine. A great deal of individuals and enterprises on the Central Coast have already upgraded and are using Windows 10 like they knew nothing else ever existed. However, Net Applications reports that 37% of people are still hanging on to their Windows 7 machines, despite being surpassed by Windows 10 almost four years ago.

Does your desktop look like the above? If so, you could be running Windows 7.

While familiarity with your Windows 7 device can be hard to break, staying with the ten-year-old platform is not worth the risks it could bring in to your home or business.

Let's look at the risks involved when Windows 7 becomes end of life in January.

  • Software Incompatibility. Many software providers have already announced that their products will no longer be compatible with Windows 7 machines. This means that the software won't receive feature updates or bug fixes, and the software vendor won't be able to provide technical assistance. In some cases, the software itself simply won't be able to install.
  • Security Vulnerabilities. If you are running a Windows 7 machine, it will no longer receive any security updates from Microsoft, which could leave your network exposed to malicious attacks and data breaches. Windows 7 is already a ten-year-old operating system with many known vulnerabilities, but no new security updates means that any new malware or viruses could have uninterrupted access to your machine. It's all too easy for hackers to search for internet-connected devices with these vulnerabilities, and attack them - it's akin to leaving your front doors open with a sign out the front saying nobody is home. For further information, please see this article from Tarsus Today.
  • No Support from Microsoft. If you have a problem with your machine and it is running Windows 7, Microsoft's customer service and technical support team will not be able to offer you any help or technical assistance.
  • Data Security and Compliance. If you have industry regulations regarding the protection of sensitive customer data (e.g. healthcare and finance), you could be putting your customers and business reputation at risk by using an out-of-date operating system that is known to have security vulnerabilities. Certain data breaches are now required by law to be reported under the Notifiable Data Breaches scheme and can attract financial penalties.
  • High Operational Costs. While your Windows 7 machine will not stop working come January 2020, the cost to maintain and troubleshoot legacy software could end up costing your business more than the cost to upgrade your machines. Also consider the potential losses if your business-critical software were to fail during a busy production period, and you were unable to receive support from the software provider as they no longer support the software on Windows 7 devices.

 

Windows 10 - Similar look and feel to Windows 7, plus better productivity

Windows 10 is a cleaner, modern version of the Windows 7 user interface albeit with more features.

The start menu follows the same logical sequence and has that familiarity, but there are added features such as the search bar which will activate a search across your hard drive files, control panel, and the Internet, helping you find what you need quickly.

Windows 10 has less inherent vulnerabilities than Windows 7, and the up-to-date support will keep you and your data protected. The Windows 10 software has improved stability and performance over Windows 7, and also has the Windows App Store, allowing you to download apps onto your PC, laptop, or Surface tablet just like you would on a smartphone.

Windows 10 comes pre-installed on nearly all new workstations and laptops, and has twice-annual updates that bring new features to the platform.

 

What we recommend - plan sooner rather than later and beat the rush

  • Contact a reliable I.T. service provider who can explain more about the risks of old and/or non-supported operating systems, and what changes may be required to your current I.T. infrastructure to coincide with an operating system upgrade.
  • We suggest you consider this change sooner rather than later, so that if infrastructure changes are warranted, you have plenty of time to plan for it.
  • If you need to upgrade any equipment or software, start planning now to get in this financial year's 'instant asset write-off'.
  • Avoid a last-minute panic at the end of 2019, when demand for Windows 10 machines could be at an all-time high.

You may also like to read our fact flyer sheets:

Posted in: Security IT IT Consulting Networking Security  

Hacking - A sophisticated threat to business

Posted by Michael Trimblett on 25 January 2019

Unfortunately, a business was harmed in the making of this true story.

"Your files have been encrypted. Please submit payment within 48 hours to restore your data."

Can you imagine turning on your computer tomorrow and finding all of your business data inaccessible?  Could you continue trading, or would your business come to a halt?  This is the precise scenario a small business was recently faced with.

The business owners in this article, like many people, relished in the ability to complete work remotely from the comfort of home. But without the right security in place, their open connection to the network was like an unlocked door, and it was all too easy for hackers to gain access to the company's files.

So who are these hackers? Anyone with an internet connected computer is capable of attacking you. With anonymous cryptocurrencies and the ability to attack victims across the globe, cybercrime is virtually untraceable.

What are they after? Your data and information because it is not only extremely valuable to you, but is also a valuable commodity on the dark web. Your business data is like currency. Even in a small to medium business, data is just as attractive to hackers as a corner store cash register.

Hackers have two options with your data.

  1. They recognise that its worth more to you than it is to them, so they encrypt it (locking your files) and hold your business data for ransom-Usually this is referred to as Ransomware.
  2. They recognise that the data is valuable to them as well. Your customers' bank details, credit card numbers, and Medicare numbers fetch high prices when sold on the dark web. Once sold, such data is often used to commit identity fraud. A data breach like this could have a huge impact on the life of your clients.

The situation faced by the business I alluded to in the first paragraph is an example of how hackers make money from Ransomware. Through inadequate security measures, a hacker gained access to their server, encrypted all of their files, and then issued a ransom note for 0.8 Bitcoins (at time of attack - approximately A$7,500.00). The files were largely worthless to the hacker, BUT the files were the currency and life blood for the business. Bitcoin is a digital tender and can be used to buy and sell items anonymously on the internet meaning hackers have a way of being anonymously paid.

The challenge for any hacker is to gain access to your data storage (your laptop, server etc). There are many vectors for infection (the placing of malicious software in your system) and many methods where you can be tricked into letting the infection in including spam, social engineering and malicious advertising. Other ways that hackers can break in include website hacking and exploiting insecure remote access, insecure communications, aging equipment, and vulnerabilities in your software and/or equipment.

In the example of the Business mentioned earlier in this article, it was all too easy for a hacker to break in via the remote access.

But why this business? Well, it wasn't personal. It was simply a random leveraging of opportunity and high vulnerability increases opportunity. A hacker can go on any number of public websites that lists every device open to the internet and can apply his or her automation tools to choose targets to attempt to hack into. If you are reading this on your computer right now and you're online, your IP address is one of millions around the world that may come up in such a search.

Hackers utilise products such as Shodan (like a 'Google for hackers') and Masscan, meaning they can scan all four billion internet IP addresses, looking for vulnerabilities in less than six minutes. If a vulnerability or insecure practice is found, the hacker will look to leverage this into an attack. They don't necessarily know you, they just know your IP address is vulnerable and they will try to exploit it to see if they can earn some money.

Vulnerabilities are found in devices daily. They can take the shape of mistakes in programming, insecure policies by the device manufacturer or the deliberate inclusion of backdoor access in programming. But most vulnerabilities are just human error, with programmers often working under a lot of pressure to deliver a product this is why so many updates to Windows and Mac operating systems are pushed out each month.

So, the hackers have an easy way to scan the internet, they can access the known and published vulnerabilities, they have developed toolkits which will automate the entire process, they have tools to break in (a common example is automated password guessing-or brute force password hacking) and they can make untraceable money. 

With these hacker strategies in mind, what happened with the small business in this article?  The hackers, via their search engine and automation tools, were able to isolate a venerable IP address, which in this case it was the remote connection at the server. The hacker easily found their way to the server and started a brute force password attack. This sort of attack is not flagged by Windows and can only be determined by checking the event logs of the server. The hackers eventually guessed the right password which allowed them into the server. They deployed their ransomware software which encrypted all their data and then issued the ransom.

This catastrophe could have been avoided. If you are storing your data on a server at your business and accessing it remotely, there are three key ways to prevent hacking.

  1. Set up a secure remote connection to the business via a Virtual Private Network (VPN) appliance.
  2. Have a bulletproof backup solution in place that follows the 3-2-1 backup framework.
  3. Have a strong password management regime.

Without the VPN, a remote connection opens a portal into your server that is visible and easily accessed by anyone else. A VPN reduces the 'visibility' of the remote connection and provides the security to prevent any unauthorised entry.

If the business in this article had a bullet proof 3-2-1 back-up solution in place; then at least they could have ignored the ransom, purged the server, installed the necessary VPN and endpoint security and then loaded their back-up data.

Lastly, with an appropriate password management regime, maybe the hackers would not have been able to crack this Business's password.

So, how did this story end for the Business in this article? Not too well I am afraid.  The ransom was paid but then the hackers went quiet. There has been no contact since.  They did not deliver the decryption key nor the program to decrypt the data. They had to downsize their operation significantly.

The moral to this story is this: regular security audits should be implemented on business networks to ensure best practices are being adhered to and when issues are found, it is always best to action them with urgency.

 

Download our Insight Feature on Hacking - A Sophisticated Threat to Business

 

You may also like to read these fact sheets:

Posted in: Security IT IT Consulting Networking Security  

How to ensure your I.T. is working for your business

Posted by Michael Trimblett on 14 September 2018

To be successful, a small to medium business must be seamlessly efficient and provide an outstanding customer experience. Your Information Technology should be the backbone of this goal. By investing in quality, reliable, proven I.T. infrastructure, you remove the likelihood of down-time, allowing you to concentrate on running your business and providing excellent service. Anything less will be costing you money in inefficiencies and downtime.


The Four Pillars of an effective I.T. Network
 

SPEED-The speed of your system impacts everything from staff productivity to customer satisfaction.  For optimal speed, you need to have business grade equipment, enough internet bandwidth, a server (onsite or remote) that can handle the workload and that is configured properly for your business.  You should also have a trusted I.T. provider that can perform maintenance on your system and head off downtime before it happens, and to respond quickly if things go wrong.

SCALABILITY- Scalability is simply the ability for your systems to grow seamlessly as your business does.  It means staying up to date with equipment, software and licensing, and being able to add users, updates, new applications or servers as needed.  A good I.T. provider will analyse your system and offer advice to ensure it will grow with you.


SECURITY- There are many ways in which small and medium businesses are vulnerable to security breaches, and the consequences can be devastating.  There are several things that need to be in place for full protection, including physical protection of your equipment, antivirus, password protections, your perimeter and the cloud, and solid backup policies. Your I.T. provider should be able to assure you that your business is secure from threats like hacking, accidents, data corruption and ransomware.

RELIABILITY- You need your I.T. system to be working for you all the time and at optimum speed. This means having equipment that is up to the task, warranty cover and the necessary backup. It also means having your system monitored and managed by a good I.T. service provider.  Your system is a bit like a car you wouldn't buy a car and then not get it serviced, expecting it to never break down.

Click here to download the Insight in full How to make your I.T. work for you or if you would like to know more, please contact Naomi or Michael. Alternatively, give us a call on 02-43370700

LOYAL I.T.- We specialise in I.T. solutions for your business; providing software, hardware, networks, configurations, consulting and support for 15 years from their base on the Central Coast.

Posted in: IT IT Consulting Networking Security Computer Software  

Scam Alert! Aug 2018

Posted by Maddie McKechnie on 1 August 2018

The latest phishing attack has made its way to the Loyal I.T. helpdesk today - with a cleverly disguised PDF attachment that asks for your email credentials.

You may have email correspondence back-and-forth with a potential client or customer that on the surface appears legitimate, but quickly goes sour once they attach a PDF document they say is related to their query, or is confirmation of their purchase.

This PDF may also appear legitimate - with a warning inside that says it has to be viewed in Adobe Reader (see left image below). If you click on this warning, you are then taken to a website that asks you to login with your email credentials in order to view the document (see right image below). These email credentials are then sent straight to the attacker, who now has full access to your email account - as well as any accounts that use those same credentials.

Phishing attempts put your business at risk, as attackers gain access to your email accounts and can send fraudulent correspondence on your behalf. This can include false bank details, theft of data, or correspondence that may damage the reputation of your business.

If you think your password has been compromised, please do not hesitate to give our office a call on 02 4337 0700.

 

Posted in: Misc IT Networking Security  

Business data backup by the numbers 321

Posted by Michael Trimblett on 11 June 2018

Like currency, your business data is life-blood; and there are many ways that business data can be lost.

Why is a reliable backup process necessary? Small to medium-sized business are statistically more likely to lose data and it can be devastating. Here's why:

  • You lose a big part of your currency to operate
  • You spend a significant amount of time and money re-working important files
  • You could be unknowingly contravening the privacy act
  • Unscrupulous people or competitors could gain access to your business information
  • Your customers' details such as email and/or mail addresses, credit card or bank details and other personal information could become available publicly

There are a series of ways to help prevent the loss of business data such as having up to date anti-virus and software security plus simple procedures and cybersecurity awareness for staff. But no matter what and how much, these will not entirely eliminate the risk. Therefore, a simple but reliable backup plan must be part of any business's procedures. The backup process will then ensure that in the event of data loss, you can recover an up-to-date duplicate record of files. And just to confirm, there are many simple (and not so simple) ways that your business data could be lost forever:

  • Theft of, or an employee loses or damages, a laptop
  • Accidental (or deliberate) deletion of files
  • Loss or damage of portable storage devices (USB or similar)
  • Physical access by an individual to unsecured documents
  • Inappropriate access to personal records by an employee
  • Breaches from hacking including ransomware
  • An employee (usually without malice) changing key attributes in 'settings'
  • Non-compliance to simple procedures such as password management and email/links protocols

Chances are, one or more of these have happened to you, or you know someone who has experienced one of these.

The 321 Backup process

You probably know about it, it's been tried and proven for many years but still to this day, not everyone has a reliable backup process in their business. The 321 backup process is simply:

3 separate copies of files
2 on different local devices devices/medium
1 offsite (NOTE: Dropbox, Google Drive or OneDrive are not strictly backup because if you delete a file on your device, it will also delete in the offsite folder).

Here is an example of an effective 321 backup process. Your business has an onsite server with 5 onsite PC's on the network and 3 offsite laptops also connected to the server via the internet. All files reside on the server. There is a hard drive backup on site hooked to the server that copies all the files. There is also a backup "in the cloud", where the files are updated and stored offsite. In this example, there are 3 copies of the files, 2 of which are on independent onsite devices and 1 copy is offsite. There can be variations on this theme depending on the configurations of desktops, laptops and users but the ratio of 321 shouldn't change. The challenge is to configure your 321 process so that backups occur at an appropriate frequency through a mix of automation and procedures.

If you would like to discuss your computer and network security or if you would like to know more, please contact Loyal I.T. Solutions on 02-43370700 or email Michael Trimblett

LOYAL I.T.- We specialise in I.T. solutions for your business; providing software, hardware, networks, configurations, consulting and support for 15 years from their base on the Central Coast.


Posted in: Services Security IT IT Consulting  
< Previous | 1 | 2 | 3 | 4 | 5 | 6 | 7 | Next >

Latest News

The End is Nigh for Microsoft's Windows 7 Operating System

Feb 06 2019
  Support for Windows 7 will cease in January 2020; are you prepared? As the...

Email contact

help@loyalit.com.au

for enquiries or log a job.

Hello Michael, I thought I would just drop you a quick line to acknowledge the dedication and extra efforts of one of your staff: Leon for which I am both grateful and appreciative. I know most people only report the negatives, however, I think it is important to acknowledge the positive thi...

Caz Meecham
Read All
Bookmark SiteTell a FriendPrint