It’s time for Tech Tuesday, where we answer reader questions!
We’ve been asked a lot lately…What does the “End of Windows XP” mean?
As Microsoft announced some time ago, support for Windows XP stops on April 8, 2014. By all means hit the link for the official Microsoft countdown clock.
What’s the official Microsoft stance?
Simply, that Microsoft will not be working on any more Windows XP security updates after April 8. And if Microsoft isn’t fixing XP problems, no one else will be either.
But what does that mean?
For some people, it’s not a big deal. The sun will rise, the computer will start, and the world will go on.
If you use your computer in business it’s not so simple.
A major part of any security standard includes running a supported, up-to-date operating system.
PCI-DSS, HIPAA, Sarbanes-Oxley, and Mass 201 CMR 17.00 all mandate that your computer systems must be running supported operating systems with reasonably current security updates.
If you can’t update the operating system you can’t be in compliance.
The safest advice at this time:
- If your business stores health care or patient information on your computers;
- If your business processes credit cards using computers;
- If your business is a publicly-traded entity that’s subject to SEC or other government oversight;
- If you process or store account information concerning Massachusetts residents;
Then you are obligated to be compliant.
It’s early March…a bit late to get into a large-scale shift, but there’s still time for most smaller businesses to act. And starting to do something, even if you miss the “deadline” by a few weeks, is better than doing nothing.
What to do?
There are several approaches:
- You can buy new computers that run a supported system like Windows 7 or Windows 8.
- If your computers are relatively new (2010 or later) they may be able to upgrade to Windows 7 (or 8).
- If you have a large number of older computers, we can install a Windows MultiPoint Server or Windows Terminal Server, and reload your desktop computers as “thin clients” that only are able to initiate a connection to your server.
- You may be able to devise policies that restrict credit card entry, etc to certain computers.
It’s time to think about this, and act soon.