Two Very Real IT Security Threats

I published the following in the Sunday, January 19, 2020 editions of Foster's and Seacoast Sunday and want to share it here as well.

This past Tuesday, Jan. 14, Microsoft officially ended support for the Windows 7 operating system. This has been well publicized over the last year plus, but many people have not heeded the warnings. I have written about this in the past as well, most recently in my Aug. 6, 2019, column, Tech Talk: 165 Days Left So Don't Wait.

So what does it mean when Microsoft ends support for an operating system? It means that there will be no more operating system updates issued from the company. More importantly, this also means that there will be no more security updates. As new vulnerabilities come to light, hackers will exploit these vulnerabilities and be able to gain access to the machine or, worse, your identity.

If you work in a company that is still using Windows 7, you may be able to buy some time. Microsoft is offering a security-update-only subscription for users with Windows 7 Professional and Windows 7 Enterprise. For around $60 per computer, per year, you can still receive security updates, but the timeliness and proactivity of this service remain to be seen. There is no question the right thing to do is upgrade or replace computers running Windows 7 before hackers exploit them. If you work in any type of regulated entity like financial services or healthcare, you are no longer compliant if you still have even a single Windows 7 computer running on your network.

For personal computer users, you have no options. Your only solution is to upgrade your operating system to Windows 10 or replace the computer with a new machine running Windows 10. To not do so is simply negligent.

The other increasing security risk I am seeing is a marked increase in phishing email messages. Most importantly, these messages are becoming more and more sophisticated. Phishing email messages are ones that look legitimate but are anything but. They often appear to come from someone you know and use language that seems familiar and typical for that person’s communications style.

These messages ask you to click a link or open an attachment that is malicious. If you have a robust email security solution in place, it may trap the message or flag it as a phish. If the message gets through, you hopefully have link protection and DNS filtering in place, which will check any link you are asked to click and tell you whether the site the link is sending you to is legitimate or malicious. Many email security solutions also leverage “sandbox” technologies that extract any attachments or links and test them in a safe environment before sending the message through to you.

Regardless of the security layers you may have in place, my recommendation is to always verify, by voice, with the sender to confirm the email is legitimate. There is really no other way to assure your safety. You simply can’t be too careful.

With the rise in global tensions of late, security experts continue to warn of increases in cybersecurity risks. Many expect very targeted attacks on specific industries, but others warn that random, more nuisance-oriented attacks are likely to flood the business community, seeking to disrupt commerce.

Hopefully, you are well aware of these threats and have taken proactive steps to alleviate them. If not, now you know. Please take steps to make sure that you remain safe from these and other emerging threats.
