How to protect your Windows 7 computers and data after Microsoft cuts off support

With no bug fixes or patches available for Windows 7 after Jan. 14, Veritas CIO John Abel offers tips to safeguard the PCs in your organization.


Windows 7 is due to reach the end of its extended support life on Jan. 14. This doesn't mean the OS itself will go kaput; rather that Microsoft will no longer provide security fixes, patches, and other updates for the more than 10-year-old operating system.

Any new flaws or security holes discovered beyond that deadline are expected to remain unfixed and unpatched by Microsoft, entailing a risk for such PCs and their owners.

Microsoft is naturally urging organizations and individuals alike to migrate to a supported version of Windows, most obviously Windows 10. 

Individuals typically face a less onerous process performing such a migration as they may have only one or two computers that need to be upgraded.

Organizations face a much larger challenge as they have hundreds, thousands, or tens of thousands of PCs to upgrade, each with hardware and software that need to be compatible with the new OS.


Given the challenges of a migration, many organizations are still running Windows 7 in their environment. The latest data from both NetMarketShare and StatCounter give Windows 7 around a 26% slice of the OS market. That percentage has declined steadily over the past few years but still represents a sizable number of PCs, especially in the business world.

Of course, organizations still using Windows 7 at this point won't be able to upgrade in time to meet the deadline. Even those in the middle of or reaching the end of their migration may not hit the finish line soon enough.

Given the challenges involved in migrating to a new version of Windows, many companies have likely tried to delay the task as long as possible. Some organizations may also have stray computers here and there running Windows 7.

Still other organizations and individuals may continue to run Windows 7 with no definite plans to upgrade. People sometimes dismiss or diminish the potential risks in running an unsupported operating system, believing that they'll be safe and secure with the proper anti-virus software and other protections in place. But that's a misconception, at least based on past experiences.

In 2017, the WannaCry ransomware virus hit a large number of computers. Initially, Microsoft released a patch only for its supported operating systems, including Windows 10, Windows 8/8.1, and Windows 7.

As Windows XP was no longer supported by this point, those PCs were vulnerable. To limit the spread of WannaCry, Microsoft did eventually release a patch for XP. But the incident shows the risk of continuing to use an unsupported OS.

To help organizations still running Windows 7, Microsoft sells Extended Security Updates (ESUs). Available through volume licensing agreements, ESUs provide critical and important security updates for up to three years after a product is cut off from extended support. 

ESUs are not designed as a permanent fix but rather a temporary measure as organizations migrate to a supported OS.

Tips for safeguarding data

Beyond purchasing ESUs and moving forward with a migration, organizations still running Windows 7 need to protect their data from security risks. Toward that end, Veritas CIO John Abel has several recommendations and thoughts on how to best safeguard your data.

  • Educate employees. Make sure your employees and users are following best practices for saving and storing data. Consider running a simulation to ensure that your employees know what to do in the event of a security breach or other incident.
  • Evaluate risk. Understand what data is at risk and where it resides. Data visualizers and analytics tools can help you identify where your key data lives and make sure it complies with company policies and industry regulations.
  • Run patches. Run patches while you can and make sure they are up to date.
  • Back up data. Ensure that data is backed up through a "3-2-1 rule." This means that you have three copies of your data, two of which are on different storage media and one of which is air gapped in an offsite location, meaning it's isolated from the public internet and from insecure systems.
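As an added example (not from the article or from Veritas), the "Evaluate risk" and "Run patches" tips in PowerShell: it lists every domain-joined Windows 7 and Windows Server 2008 host from Active Directory and records when each one last received a hotfix, so stray and unpatched machines surface first. It assumes the RSAT ActiveDirectory module, remote RPC access to the hosts, and an output path of your choosing.

```powershell
# Added example (not from the article): inventory domain-joined hosts still on
# Windows 7 or Windows Server 2008/2008 R2 and check when each last received a
# hotfix. Assumes the ActiveDirectory module (RSAT) and remote RPC access.
Import-Module ActiveDirectory

# Filter on the OperatingSystem attribute, which holds the name Windows reports.
$eolHosts = Get-ADComputer -Filter {
        (OperatingSystem -like 'Windows 7*') -or
        (OperatingSystem -like 'Windows Server 2008*')
    } -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate

$report = foreach ($c in $eolHosts) {
    # No logon in 90 days usually means decommissioned, but the account is still
    # listed: a forgotten machine that comes back online is exactly the "stray
    # computer" the article warns about.
    $stale = ($c.LastLogonDate -lt (Get-Date).AddDays(-90))

    $lastPatch = $null
    if (-not $stale) {
        try {
            # Get-HotFix queries the remote host over RPC; newest InstalledOn wins.
            $lastPatch = (Get-HotFix -ComputerName $c.DNSHostName -ErrorAction Stop |
                Where-Object InstalledOn |
                Sort-Object InstalledOn -Descending |
                Select-Object -First 1).InstalledOn
        } catch {
            # Unreachable or access denied: flag it rather than silently skipping.
            $lastPatch = 'UNREACHABLE'
        }
    }

    [pscustomobject]@{
        Host       = $c.DNSHostName
        OS         = $c.OperatingSystem
        Build      = $c.OperatingSystemVersion
        LastLogon  = $c.LastLogonDate
        StaleInAD  = $stale
        LastHotfix = $lastPatch
    }
}

# CSV for the risk register (placeholder path); active hosts with the oldest
# or unknown patch date sort to the top.
$report | Sort-Object StaleInAD, LastHotfix |
    Export-Csv -NoTypeInformation -Path '.\win7-eol-inventory.csv'
$report | Format-Table -AutoSize
```

Run it from an account that can read computer objects and query hotfixes remotely; hosts flagged UNREACHABLE need a manual check rather than being assumed patched.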

Protecting yourself against malware and ransomware as exemplified by WannaCry is another critical task. As Abel told TechRepublic, there were 151.9 million ransomware attacks in the first three quarters of 2019, according to data from SonicWall.

"That's a huge number but we're noticing a drop in attacks as hackers try to avoid detection by going after high-value but less protected assets," Abel said.

"In many cases, 'less protected' will mean devices running software that isn't being patched—such as an outdated OS. The best way to avoid being a victim of ransomware is ensuring that your data isn't vulnerable—even if a device is compromised—by ensuring that you can restore data from a safe place."

Another concern is whether running an unsupported operating system could run afoul of GDPR or other regulations. In this case, the key factor is understanding what and where your data is, according to Abel.

"The key thing with GDPR is understanding what and where your data is," Abel said. "This ensures that you can manage and protect it appropriately. With the introduction of additional vulnerabilities, such as the use of devices that are no longer being patched against new vulnerabilities, businesses need insight to be able to avoid additional risk. For example, they need to know if they have personally identifiable information (PII) on devices that are now more vulnerable."

In addition to Windows 7, Windows Server 2008 also reaches the end of extended support come Jan. 14. Though servers may be better protected against security risks than are workstations, they can still be vulnerable. And they often hold critical data.

"Obviously, servers may not be as exposed as laptops and PCs as they are usually inside a protected environment and not susceptible to the same type of mobility and therefore vulnerability," Abel said. "However, the data exposure and risk can be even greater as servers tend to hold more sensitive data and the potential for impact to an organization is significantly increased."

Finally, organizations still need to plan a migration away from Windows 7 as the permanent solution, and that requires time and planning.

"The timeframe, approach, and plan will completely depend on the size and scale of an organization and the capabilities that exist within the IT function of the enterprise," Abel said. "As with any migration, the potential for things to go wrong is always present and the way to mitigate this is to ensure that data on devices is fully backed up and recoverable before the migration begins."
