Win 7 Sunset Increases Ransomware Risk: 5 Tips to Secure PC Data

On Jan. 14, Windows 7 will reach its end of life. Despite five years’ notice, one quarter of PCs are expected to still be running the soon-to-be retired software. With no ongoing support for bug fixes and security patches, these users are at increased risk for cyberattacks such as ransomware.

When the WannaCry virus flooded PCs in 2017, Europol estimated that 200,000 devices in 150 countries, running older, unsupported software were infected. Although only $130,000 was paid in ransoms, business felt an impact of billions of dollars’ worth of lost productivity and data.

Go here to read eWEEK’s Top Cloud Storage Companies list.

Veritas, a data storage and management provider with longstanding and respected status in the business, is advising businesses running Windows 7 to prepare themselves in order to avoid the impact that vulnerability to ransomware could have on their organizations, and it is offering five tips that could help PC users to navigate the challenge. Here are some key data points from CIO John Abel of Veritas.

Data Point No. 1: Educate your employees.

Human error is the root cause of most successful cyberattacks, and it played a major role in the WannaCry ransomware epidemic. From falling victim to social engineering to failure to run security patches, an organization’s employees are its biggest security risk. When it comes to data security, employee education and training is critical to ensure every user understands and follows best practices for proper data handling and storage.

Data Point No. 2: Understand your data.

To properly evaluate their risk, organizations must first understand their data. Where is it? What is it? Is your most valuable or sensitive data, such as financial or PII, secure? Insight software solutions can help to identify where key data lives and ensure that it complies with company policies and industry regulations. Knowing where your most critical data is stored also helps with data recovery following an attack.

Data Point No. 3: Run security patches.

Research by the Ponemon Institute found 60 percent of respondents who experienced data breaches had a patch available to them to prevent breaches but didn’t apply it. Don’t wait to run the patches Microsoft has made available and be sure to check for the most current patches. Users will also be able to buy “ESUs” from Microsoft to access patches during their migration to newer software.

Data Point No. 4: Practice the ‘3-2-1 Rule’ for data backup.

The best way to avoid being a victim of ransomware is by making sure your data isn’t vulnerable–even if a device is compromised–by ensuring that you can restore data from a safe place. The “3-2-1 Rule” advocates that organizations should have three copies of their data; two backups should be on different storage media such as tape and cloud, and one should be air-gapped in an offsite location to provide safe, reliable data restoration.

Data Point No. 5: Upgrade to new software or OS.

While not practical for larger enterprises in the limited time available, organizations should consider a software upgrade as part of a longer-term strategy. For small-to-medium businesses, the most sensible solution might be simply to upgrade to an operating system with ongoing support.

If you have a suggestion for an eWEEK Data Points article, email cpreimesberger@eweek.com.