If you’re a business still using Windows XP after April 18, 2014, you may be in breach of various laws and regulations, according to a recent report from Lenovo.
If you’re handling customer data, doing business with the government, or doing business with European or other overseas companies, you are almost certainly legally required to ensure that your software systems are up to date and that you are taking reasonable steps to ensure that they are secure. Many other contracts may require the same thing.
Windows XP is nearly 13 years old and was designed at a time when mobile and networked computing were in their infancy. It is not as secure as more recent operating systems that were designed with modern IT usage in mind. It has kept going thanks to frequent updates from Microsoft, usually within 24 hours of a vulnerability being found. Once that layer of protection is gone, XP will rapidly become unable to withstand any form of malicious intrusion.
By choosing to stick with Windows XP when it is no longer supported, argue Lenovo, a strong case could be made that you had failed to comply with those regulations or contractual requirements designed to ensure security. Using obsolete and insecure software could be seen as negligent, and open you to a major legal liability.
The costs for failure to secure data can be huge if it is shown that the data holder is at fault in any way. Recently, Idaho State University was fined $400,000 over a single breach of data after it was shown that they had failed to comply with HIPAA requirements. In addition, they estimate it cost them over $200,000 to take remedial action, and that does not include their legal fees or damage to their reputation. Could your business withstand that?
Remember also that it’s not just your office computers that are affected. If your employees are using their own laptops or working from home, then all those machines need to be compliant as well, and it’s your responsibility to make sure that they upgrade too.
We strongly urge you to upgrade from Windows XP as soon as possible and reduce your legal as well as your technical risks.