While perusing my personal bank’s website recently, I found a “frequently asked questions” entry regarding the bank’s exposure to the Heartbleed bug (none, thank you) as well as some information on the fact that this particular bank’s automated teller machines run on the Microsoft Windows XP.
They will continue to do so for a time, as the bank says it entered into a direct contract with Microsoft to provide support, even though updates for XP have now been discontinued.
Now, questions on ATM software are likely not asked as frequently as questions like, “Where is my money, may I have it, please?” but I appreciated the information. It also prompted some thought on the risk presented for businesses continuing to use XP, businesses that are not as fortunate as my Multinational Conglomerate (But Still Fairly Friendly) Bank.
The purpose of computer software support is to guard users against the known bugs, viruses and other assorted Internet creepy-crawlies that target data for malicious purposes. I know that if I were a computer hacker, I would immediately begin exploring ways to exploits this newfound vulnerability. Lucky for the world, I am not and am in fact hard-pressed to even figure out how to turn on our Xbox 360 without some coaching.
I do, however, understand risk, and know that there’s no shortage of individuals out there that have no compunction whatsoever about data thievery. Data collected by Trustwave showed that about 30 percent of operating systems still run Windows XP.
For businesses continuing to use the software, the question becomes whether the threat of something going wrong would be more costly than upgrading their company’s computers.
The answer? Yeah, it would be more costly to lose critical data, be it customer information or data necessary to run a business. Just as there is no shortage of data evil-doers, there’s also been plenty of reporting and warning that the Windows XP ship has sailed.
However, Microsoft also recently announced that it would be extending anti-malware updates through July 14, 2015. This provides a window for beginning the upgrade process for businesses that have been stalling, but the extension provides “limited” protection, Microsoft warned.
As with any risk management process, the time to plan, upgrade and protect an organization is now, not after a problem arises.
Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].
