It is in our nature to try and get the most out of the things we purchase. We don’t often sell our cars the day the warranty ends or throw away a nearly empty tube of toothpaste. More often, we drive our cars for hundreds of thousands of miles and squeeze every drop of toothpaste from that tube.
In the small business world, this is how most approach their business software: holding on to it until it simply does not work anymore. The trouble with this school of thought is that software does not wear out. There is no tube that empties or transmission that fails. In most cases, software can last as long as it is provided adequate hardware. In theory, this sounds fantastic. You buy a specific piece of software once and you are set for life. The reality is that software, along with most other things in the technology world, becomes obsolete. And once it is considered to have reached its “end of life,” it could put your business at risk.
Why out-of-date programs stick around:
For most, it is the initial investment. Not just the money spent on the software, but the time that was invested for employees to learn how the software works. Once processes and procedures are learned, it is easy to decline an upgrade as it would require further investment of time and resources. Additionally, it is common for businesses to build custom applications around specific software. Updating the software would require updating the application. This only compounds the time and resource investment associated with the upgrade process. There is also a possibility that the hardware that runs the software would need to be upgraded as well. It is not uncommon for the newest version of a program to have system requirements that are not met by a company’s current hardware. All of this could cost a significant amount of time and money, so why should businesses even consider upgrading?
When a program approaches its “end of life,” it stops receiving regular updates. Typically, the updates taper off to the point that only critical security updates are provided. Once the program reaches “end of life,” no updates are provided. This means that any new security vulnerabilities discovered go unpatched, leaving a hole in your environment’s security.
Once programs are abandoned by their manufacturers, these unsupported programs and their exploits become common knowledge to cybercriminals. Additionally, since these programs are typically 5-10 years old, the threat landscape has had ample time to evolve. Security considerations that are taken when creating a program today are far more sophisticated than they were in the past, meaning that these legacy programs are easier to compromise, especially when they are not receiving constant updates and patches. Advanced knowledge and technical skill are not required to compromise older software. Tool kits and other resources are readily available to even the most novice cybercriminal.
The simplest fix is to update or replace out-of-date software. While it is easier said than done, upgrading outdated software is simply the best fix.
But not every company has the financial freedom to purchase the newest software or upgrade hardware components. At the very least, you should be patching every piece of software that is deployed in your environment. Software like QuickBooks, Office, Adobe and especially your operating systems should be on the most recent version available. Updating and patching software is so critical that we have a dedicated administrator to help ensure our clients’ systems are patched and running the most recent and secure updates.
Virtualization is another option that small businesses are utilizing as a way to confine legacy software and operating systems. Using virtual environments, businesses can create sandboxes to keep out-of-date software isolated from the rest of their network, eliminating the risk of a compromise spreading to the rest of the environment.
If you are still using outdated or unpatched software, you are not only forgoing new features and optimizations but putting your business at risk of a cyberattack. It is critical to keep all software up to date when possible, strengthening your overall security posture. If you think or know that you are running outdated programs and would like to start securing your business, give us a call at 816-222-1100.