Is it Safe to Keep Business on XP? What Comes Next
Sarah H McMullin, Camino Information Services
First, Microsoft announced it would be pulling support for XP, the operating system still used by
hundreds of millions of computers. Second, a security flaw in Internet Explorer left users of IE
vulnerable to hackers seeking to collect private information. Finally, Microsoft announced a patch to fix
the bug in IE and also included a fix for XP users, who had expected to see an end to all patches and support.
So what does this mean for business owners and enterprise users of XP? Are they safe staying with
what they know and avoiding the cost of an upgrade? Will patches keep coming despite the
announcement they are finished?
In a word, no. Remaining on XP is not a safe choice. This recent security threat and the need for an XP
patch to fix the problem only exposes how dangerous it is to keep secure information on a machine
running a system hackers know won’t receive security updates. Even if the updates were to continue,
and Microsoft assures us they will not, XP has a target painted on its back, and no business should
risk storing sensitive information on vulnerable machines. Even companies that do very little work on
computers should still make an effort to protect any employee data or account information stored on
their dormant devices.
This potential threat is especially relevant for any business with information that is subject to
Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and
Accountability Act (HIPAA), or Gramm-Leach-Bliley Act (GLBA) requirements. While these regulations don’t
specifically ban using old operating systems, they do require that information be protected from
security threats, and holding onto a system that will not receive updates might be considered a
violation of that requirement. In a more generally applicable scenario, a customer who sees their data
being input into a screen with XP in the corner might hesitate to invest their trust because of those two
letters, and losing trust means losing business.
What can organizations do now that the time has already passed for continued XP support?
Before doing anything else, they should check for the XP update. If the update was not installed
automatically, they must ensure that the most recent patch for XP is installed so all machines are as
current as they can be. Second, if using XP is vital to continued operation of the business, maybe
because of an expensive piece of legacy software, companies should consider virtualization. XP running on
a “virtual machine” will have the familiar look, functionality, and compatibility of XP but within the
safety of a protected environment. If virtualization isn’t necessary or reasonable, a full upgrade to a
more modern operating system like Windows 7 or 8 is in order.
While upgrading operating systems, and potentially also computers, might seem costly, it is not
necessarily out of reach. Cloud technology allows businesses to operate without the need for uber-
expensive machines for each user and offers the benefit of being able to expand and contract IT budgets
much more nimbly as demand dictates, saving money through improved efficiency. Of course, the
potential cost to a business if a security breach occurs could be catastrophic.
As always, even after updating and upgrading, users should be aware of emails and links that look
suspicious or ask for personal user information.
Sarah McMullin is the Customer Development Specialist for Camino Information Services, an IT solutions
company specializing in helping businesses grow with Affordable Innovation.