Free support from Windows XP has come to an end, but many small firms are still running the 13-year-old OS. In fact, recent figures indicate that up to 30 per cent of businesses could still be using XP.
This figure is concerning, given the implications for firms that continue to use it. These include risks such as drive-by downloads and zero-day attacks, which take advantage of unpatched vulnerabilities.
However, there are steps you can take to stay as secure as possible:
1. Isolate XP machines from the network
Small businesses can help protect themselves by isolating XP systems from the network. This means that if the machines are compromised, attackers won't have access to your network and company data.
The first step is to identify which systems are running the OS. You may want to consider disconnecting these computers from the internet. At the same time, firms will need to closely monitor traffic and all activities within the system.
2. Buy additional support from Microsoft, on top of anti-virus from other vendors
It is possible to extend support for XP by buying a package from Microsoft. However, this can cost up to £120 per PC so would be better used for isolated XP machines only. Meanwhile, firms can also purchase anti-virus software from a number of companies, which will help protect against some vulnerabilities. However, this will not be effective in the long term.
3. Remove administrative rights
Removing administrative rights is an important step for smaller firms looking to reduce their risk: it should be mandatory for all remaining users on Windows XP. This is backed up by Gartner, which recently published its 'best practice for XP use once support has finished'. On top of this, the analyst advises, firms should remove web browsing and email software from XP, and provide these capabilities from a server-based system that is up to date.
4. Application control solution and memory protection
Gartner also suggests implementing an application control solution and memory protection. Firms can either implement a dedicated solution; a host-based intrusion prevention system; or Microsoft's Group Policy object-based software restriction policies to establish a 'lockdown' posture for XP. This will prevent the execution of arbitrary code.
5. Update the rest of your software regularly
It's also a good idea to keep the rest of your software updated where possible. This will minimise your exposure to some of the risks associated with XP.
6. Monitor Microsoft and forums
Another tip from Gartner, businesses can benefit by being proactive and monitoring Microsoft updates. Unless you have paid for custom support (see point 2), Microsoft doesn't have to publically disclose if new vulnerabilities against XP are discovered. However, if firms pay particular attention to critical vulnerabilities that affect Windows Server 2003, they will be able to get an idea on what will impact XP. Meanwhile, third-party threat intelligence feeds can add another source of information.
7. Prepare for a possible breach
Have a plan in place to respond if there is a breach to your systems. Incident response is a key part of your security strategy and a plan should be in place even after you upgrade.
8. Work out your costs
Staying with XP and protecting yourself from a possible attack can potentially be much more expensive than migrating. It's therefore worth seeking help to upgrade to Windows 8 as soon as possible. Migration can be made quicker and less painful using the services of Microsoft's hardware partners such as Dell.
9. Consider a hardware refresh
Giving up XP often means replacing business hardware. But this doesn't have to be painful: the speed and power of new PCs can make your business more efficient and productive. As the workforce becomes increasingly mobile, the choice is vast: from laptops and tablets through to desktops and mobile workstations.
10. Upgrade to Windows 7 or Windows 8.1 as soon as possible
The best advice is to upgrade as soon as you can. Windows 8.1 has many benefits: it offers a reliable and secure user experience alongside networking capabilities and features that are essential to IT administrators. The OS also works seamlessly with an existing Windows management infrastructure.