Are You Part Of The 55% That Fails To Offer Security Training To Staff Members?

Computer Security Training

Making sure the employees who rely on computer systems are trained in cybersecurity is the easiest way to avoid compromising attacks. However, only about 45 percent of business organizations actually ensure their employees are properly trained through mandatory training, and roughly 10 percent make cybersecurity training optional. This information is alarming for a lot of reasons.

Most Attacks Happen via the Compromise of an End User

Primarily, this new study means that 55 percent of organizations do not think their end users have a big enough role to play in keeping their network safe. In actuality, the end user is usually where systems are compromised in business settings. Phishing messages and other business security threats target people opening emails, interacting on social media, and doing the basic things that end users tend to do. Even if business owners do train their higher-ups, such as managers and team leaders, there is a major risk if the typical system users are not properly trained.

Formal Security Training Is a Struggle in Most Business Settings

Even among organizations that make security training mandatory for all system users, most do so in a limited fashion. According to Mimecast, only about six percent conduct cybersecurity training sessions or courses on a monthly basis. Four percent of business owners do training four times a year, and nine percent only require training when they bring in a new hire. Surprisingly, many places don’t really offer any kind of formal cybersecurity training; they just send out a mass email of tips on occasion.

Employees Are Often in the Dark Where Cybersecurity Is Concerned

Because business owners are not taking the time to ensure their team members are adequately trained in cybersecurity, employees are left in the dark about the threats that could be lying in wait when they log in to the company system. Studies actually show that one out of four employees has no idea what some of the most common cybersecurity threats are, let alone what they look like or how to avoid making major mistakes.

Considering that one in ten employees uses devices at work, connected to the work network, for personal reasons for at least four hours a day, the facts above show just how relevant cybersecurity training should be to all team members. Team members may be checking personal email, visiting social media sites, or otherwise doing things that could leave the company wide open to an attack. Even if the risks are handled on the company’s own email system, for instance, threats can still get through on other email platforms that an employee uses on a network device.

Implementing Cybersecurity Training Does Not Have to Be Difficult

The majority of businesses that do not have a good cybersecurity training plan in place avoid the process because they believe it will be too time-consuming. Some wrongly assume that formal training is only necessary for people who hold higher ranks in the company, which is obviously not true. Implementing a good training plan does not have to be difficult or time-consuming. A few ways to incorporate a good training plan include:

  • Working with a cybersecurity company who provides employee training material with their services
  • Making cybersecurity a mandatory part of other training processes, such as safety training
  • Creating basic cybersecurity training modules employees can do in their spare time throughout the day
  • Handing out informative resources and worksheets on cybersecurity threats and protection

In addition, cybersecurity training should be an ongoing process. Threats change and evolve by the day as criminals get smarter with every thwarted attack or exposed risk. Therefore, it is critical that business owners get proactive about training and make it a priority over the long term. In the long run, this can be a change that saves the livelihood of the business from a serious cybersecurity attack.

Overall, cybersecurity training should be just as important to a business operation as any other form of training. In 2017 alone, cybercrime cost the world an estimated $600 billion, according to CNBC. If you believe your business is not adequately training all employees in cybersecurity, reach out to a cybersecurity training or consulting company for advice.

DNS Infrastructure Tampering

DNS Server


On January 22, 2019, the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to address ongoing global Domain Name System (DNS) infrastructure tampering. As a business owner or executive in charge of a business, you may have many questions about this and how it can affect your business. Here is what you need to know about DNS infrastructure tampering.

What is DNS Infrastructure Tampering?

DNS infrastructure tampering covers techniques that give an attacker control of your DNS. Typically they compromise the credentials of a user with access to your DNS accounts and use them to change DNS records. Once the records are altered, the attacker can intercept traffic bound for your domain, including web traffic and mail traffic, and redirect incoming visitors to an unsafe site that serves malware or collects information about your customers or business. With control of your DNS, the attacker can also obtain valid encryption certificates for your domain, which lets the redirected traffic be decrypted. And because the certificate is valid, your users receive no certificate warning, so they may feel safe entering personal information.

How Can DNS Infrastructure Tampering Affect Your Business?

When an attacker tampers with your DNS infrastructure, they effectively hijack your website. They can control incoming traffic, control where that traffic goes, and see personal information, such as names and credit card numbers. Unfortunately, if your page is hijacked, you have to tell your customers that their personal information may have been compromised, which reflects poorly on you. Your customers and clients expect you to keep your page safe for them, and if you fail to do so, it can be detrimental to your business.

How Can You Protect Your Business From DNS Infrastructure Tampering?

It can be difficult to tell whether your DNS infrastructure has been tampered with unless you take the time to carefully review your DNS records and the certificates issued for your domains. You should audit your DNS records, change your DNS account passwords to more complex ones, and add multi-factor authentication to all of your DNS accounts. Because the threat level for DNS infrastructure tampering is so high, this should be done within 10 days, and the review of records and certificates should be repeated routinely to confirm nothing has been altered.
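One way to carry out the record audit described above on an ongoing basis, as an added example that is not from the original post or from CISA: the script below keeps a known-good baseline of a zone’s NS, A and MX records and reports any value that appears or disappears. The `lookup` helper shells out to the `dig` command (assumed to be installed) against a public resolver; the domain names and addresses in the sample data are constructed, and `ns1.hijacker.invalid` is a placeholder for an attacker-controlled name server.

```python
"""Baseline audit of a zone's public DNS records.

Added example (not from the original post or from CISA): compares the
records currently published for a domain against a known-good baseline
and reports any drift in NS, A and MX records, the record types that
DNS infrastructure tampering changes to redirect web and mail traffic.
Live lookups shell out to the `dig` tool; the sample data below is
constructed so the audit logic can be exercised offline.
"""
import subprocess
import sys
from typing import Dict, Set

# Who answers for the zone, where the web host resolves, where mail goes.
RECORD_TYPES = ("NS", "A", "MX")

Records = Dict[str, Set[str]]


def parse_dig_short(output: str) -> Set[str]:
    """Normalise `dig +short` output into a comparable set of values.

    Lower-cases names, strips the trailing dot and collapses whitespace,
    so MX lines keep their priority ("10 mail.example.com") and a
    changed priority is reported as drift too.
    """
    values: Set[str] = set()
    for line in output.splitlines():
        parts = line.split()
        if not parts:
            continue
        parts[-1] = parts[-1].rstrip(".")
        values.add(" ".join(parts).lower())
    return values


def lookup(domain: str, rtype: str, resolver: str = "1.1.1.1") -> Set[str]:
    """Query one record type with dig against a public resolver (needs network)."""
    result = subprocess.run(
        ["dig", "+short", f"@{resolver}", domain, rtype],
        capture_output=True, text=True, check=True,
    )
    return parse_dig_short(result.stdout)


def fetch_records(domain: str) -> Records:
    """Collect every baselined record type for a domain (needs network)."""
    return {rtype: lookup(domain, rtype) for rtype in RECORD_TYPES}


def audit(baseline: Records, observed: Records) -> Dict[str, Dict[str, Set[str]]]:
    """Compare observed records with the baseline.

    Returns, for each record type that drifted, the values that appeared
    unexpectedly and the values that went missing. An empty dict means
    the published records match the baseline.
    """
    findings: Dict[str, Dict[str, Set[str]]] = {}
    for rtype in RECORD_TYPES:
        expected = baseline.get(rtype, set())
        seen = observed.get(rtype, set())
        unexpected = seen - expected
        missing = expected - seen
        if unexpected or missing:
            findings[rtype] = {"unexpected": unexpected, "missing": missing}
    return findings


# Constructed sample data: a known-good baseline for a hypothetical zone.
SAMPLE_BASELINE: Records = {
    "NS": {"ns1.example.net", "ns2.example.net"},
    "A": {"192.0.2.10"},
    "MX": {"10 mail.example.com"},
}

# Constructed observation simulating tampering: a foreign name server was
# added and the A record now points at an address outside the baseline.
SAMPLE_TAMPERED: Records = {
    "NS": {"ns1.example.net", "ns2.example.net", "ns1.hijacker.invalid"},
    "A": {"198.51.100.77"},
    "MX": {"10 mail.example.com"},
}


def format_findings(findings: Dict[str, Dict[str, Set[str]]]) -> str:
    """Render findings as one line per record type, or an all-clear."""
    if not findings:
        return "OK: published records match the baseline"
    lines = []
    for rtype, drift in findings.items():
        lines.append(f"DRIFT {rtype}: unexpected={sorted(drift['unexpected'])} "
                     f"missing={sorted(drift['missing'])}")
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Print live records in baseline form so they can be saved and reused.
        for rtype, values in fetch_records(sys.argv[1]).items():
            print(rtype, sorted(values))
    else:
        print(format_findings(audit(SAMPLE_BASELINE, SAMPLE_TAMPERED)))
```

Run it without arguments to see the audit on the constructed sample; pass a domain name to print that domain’s live records in the same normalised form, which can then be saved as the baseline. Drift in NS records is the most serious finding, since whoever controls the authoritative name servers controls every other record in the zone.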

DNS infrastructure tampering can create a security threat to your business. It can negatively affect your business website, and any websites that those within your business frequently visit and interact with. Fortunately, there are steps you can take to help decrease the risk of DNS infrastructure tampering and protect your business. Having the right IT team in place and learning about security threats is imperative to keeping your business safe from threats at all times.

Important Update: North Carolina Data Breach Laws

North Carolina Data Breach Laws


What are the Proposed Changes to NC’s Data Breach Laws?

North Carolina’s lawmakers will consider legislation first introduced by the Attorney General Josh Stein and Representative Jason Saine. The proposed law would redefine the term “data breach” and give companies 30 days to report breaches to consumers.

For healthcare providers, this reduces the HIPAA timeframe, which states that breach notifications must go out within 60 days. According to the proposal, this gives consumers additional time to freeze their credit and take steps to prevent identity theft.

The law extends the definition of a breach to include ransomware attacks – a big change for healthcare providers, who have been targeted by recent hackers.

How Do the Proposed Changes Give Consumers Greater Control?

Consumers gain a number of protections, including the following.

  • Quicker notification. Receiving notification within 30 days, instead of 60, gives consumers a heads up so that they can take action to protect their credit and identity.
  • Credit freeze. Consumers can place a temporary freeze on their credit reports to prevent hackers and thieves from opening unauthorized credit cards in their name.
  • Credit monitoring. If a credit reporting company, such as Equifax, is breached, they have to provide four years of free credit reporting to impacted consumers. Other organizations that are breached have to provide two years of free credit reporting.
  • Clarifies penalties. Businesses that fail to report breaches within 30 days will be in violation of the Unfair and Deceptive Trade Practices Act.

What Does This Mean for Consumers?

The bill expands consumers’ right to information about the breached data, as follows.

  • Consent. A company seeking access to a person’s credit information would need that person’s express permission. The reason for the request has to be provided in writing.
  • Right to request information. North Carolinians can ask the consumer reporting agency to give them a list of credit-related and non-credit information, its source, and the entity or person that received it.

Why is the State Considering the New Rules?

North Carolina hosts the headquarters of many credit card companies and financial institutions, and the legislation follows a dramatic rise in breaches throughout the state. According to Health IT Security, 1.9 million North Carolina residents had their data compromised in 1,047 breaches in 2018. This was a 3.4 percent increase over 2017.

This is the second attempt to tighten privacy laws in the state. If this bill passes, North Carolina would join several other states that have passed similar laws to combat digital thieves. For example, Colorado passed legislation to shorten their breach notification to 30 days in 2017, and Iowa is proposing a 45-day deadline to notify consumers.

Is This Just Happening in North Carolina?

On the national front, lobbyists and some Congress members are also calling for more protection for consumers whose data has been compromised. For instance, the Information Technology and Innovation Fund has suggested scrapping the hodge-podge of privacy regulations, such as HIPAA, in favor of more unified federal privacy laws.

Urgent Tech Tip: Disable Facetime On Your iPhone

Apple Facetime


A major FaceTime bug discovered recently has left Apple device users skittish about yet another privacy concern and forced the tech giant to scramble for a fix for the issue.

For users of Macs or iPhones, understanding the FaceTime flaw and knowing how to disable the function are important steps until the issue is fully resolved.

What is the FaceTime Flaw?

The FaceTime flaw affects iPhone users running iOS 12.1 or later. Here’s how it works. Someone calls your number using the FaceTime feature. Before you pick up, the caller swipes up and adds their own number (or any number), creating a Group FaceTime interface.

At that point, the caller can hear all audio coming through your microphone — even if you never answered the call.

News of the glitch spread like wildfire over social media. Others discovered that taking further simple actions could give the caller access to video, too.

What Is Apple Doing About the Issue?

Within hours of broad disclosure of the issue, Apple disabled the servers controlling the Group FaceTime function. As of January 29, Apple’s system status page states that “Group FaceTime is temporarily unavailable.” The company has stated that a fix is likely in a few days.

The company had first introduced Group FaceTime in late 2018 for both Macs and iPhones.

What Should I Do About FaceTime on My Device?

Users may want to disable FaceTime on their iPhones or Mac computers. It’s a simple process for either device type.

For iPhones

1. Go to Settings.

2. Scroll to FaceTime. This feature is in the fifth section of settings along with other built-in apps like Phone, Messages and Maps. If you’re having trouble finding it, go to the top of the Settings screen and type FaceTime in the search bar.

3. Tap the FaceTime row.

4. At the very top of the FaceTime settings, there’s a label marked FaceTime with a toggle switch. If the switch is green, FaceTime is activated on your phone. Slide it to the left to turn FaceTime off.

Note: When Apple releases an iOS update, install the update, go back to the FaceTime settings and slide the slider to the right to reactivate the feature.

For Macs

1. Launch the FaceTime App.

2. Select the FaceTime menu bar from the top-of-the-screen navigation.

3. Select Turn FaceTime Off. Command-K also turns the feature off.

Note: Once Apple releases a fix, turn the feature back on by launching the app and clicking the Turn On feature.

How Did This Happen?

It’s unclear how this flaw was included in the Group FaceTime release. However, the New York Times reported that a 14-year-old Arizona boy discovered the glitch on January 19, 2019, 9 days before it became widespread on January 28.

On January 20, the boy’s mother sent a video of the flaw to Apple, warning of a “major security flaw.” She heard nothing from Apple Support and began using other channels to try to get the company’s attention. She emailed and faxed information to the Apple security team. She posted alerts to both Twitter and Facebook. Five days later, on January 25, Apple’s product security team suggested she create a developer account and submit a formal bug report.

It appears that the company didn’t react until three days later when a developer reported the flaw and a 9to5mac.com article went viral.

Apple faced criticism for its brief and limited response, which stated the company “identified a fix that will be released in a software update later this week.” In an ironic twist, the bug went viral on January 28, which is international Data Privacy Day.

Microsoft Office 365 Business vs. Microsoft 365

Microsoft Office 365 vs. Microsoft 365

Two subscription-based software programs available from Microsoft are Office 365 and Microsoft 365, both developed for small to medium-sized businesses and even larger companies. There are some similarities and differences between the two to help you decide which one you need for your organization. For even larger organizations there is Microsoft Enterprise that may have some security features that smaller companies should consider.

Office 365 is a cloud service platform that offers familiar Microsoft products like Word, Excel, PowerPoint, and other services either online or on-premises through a subscription plan.

Microsoft 365 is an all-in-one bundle that includes the Office 365 Suite, Windows 10 Pro and Enterprise Mobility+Security for a complete, interconnected experience.

Office 365 Business: This subscription-based version of Microsoft Office is designed for organizations with 300 users or fewer. It includes 1 TB of storage, basic data and app security, device management capabilities using Microsoft Intune, and the Office 365 Suite, which includes the following:

  • Microsoft Outlook: Outlook is Microsoft’s personal information manager used mainly for email management. The program also includes a calendar task manager, contact manager, journal, note taking and web browsing.
  • Microsoft Word: Word is Microsoft’s word-processing program designed for creating documents like letters and questionnaires, as well as basic desktop publishing for creating brochures, flyers, posters, postcards, and more. Word includes many features that make it easy to create professional-looking documents and archive them.
  • Microsoft Excel: Excel is Microsoft’s spreadsheet program that allows users to organize, format and calculate data using formulas. It also features graphing tools and pivot tables. Excel uses a collection of “cells” arranged into rows and columns in order to organize and analyze data that can be displayed as charts, line graphs or histograms.
  • Microsoft PowerPoint: PowerPoint is a presentation program where users can design multimedia slide presentations. PowerPoint allows the user to attractively arrange photos, images and other graphics.
  • Microsoft Access: Access is a database management system that allows users to enter, organize and run reports on a large scale. It is used by larger teams and corporations with large amounts of data. Note: Access is only available for PCs, not Apple products.
  • Microsoft Publisher: Publisher is an easy to use, basic desktop publishing program with extensive tools needed to produce layouts using images, typography and other graphics. Publisher is perfect for creating business cards, promotional flyers, invitations, greeting cards, calendars, and newsletters, to name a few. Note: Publisher is only available for PCs, not Apple products.
  • Microsoft OneNote: OneNote is a program for taking notes, whether handwritten or typed, drawings, screen clippings and audio and sharing them with other OneNote users. It is meant as a free-form, collaborative program.

There are three tiers of Office 365 Business: Business, Business Premium and Business Essentials. Business is the basic level that offers desktop versions of all the Office applications, plus file storage and sharing with 1 TB of OneDrive storage. Business Premium and Business Essentials offer other services to not only organize your office but to nurture relationships, connect teams, and manage all aspects of your business. The subscription ranges from $8.25 per month per user for Business to $12.50 per month per user for Business Premium.

Now moving on to Office 365 and what makes it different. Office 365 is an upgraded version of Office 365 Business that offers even more, especially in security. The main difference is all of the security features that are not available on Office 365 Business Premium. The following are Office 365’s security features:

  • Provides business protection from unsafe attachments, suspicious links, attachment checking and scanning
  • Provides information protection policies to help control and manage how information is accessed
  • Provides controls to protect company data on personal mobile devices
  • Provides archiving capabilities, data preservation and continuous data backup that is accessible from anywhere 24/7

Device management is another upgrade that is not available on Office 365 Business Premium. Subscribers get upgraded to Windows 10 Pro from Windows 7, Windows 8 or Windows 8.1 Pro. There are also simplified controls to easily manage Windows 10 Pro PCs, self-service PC deployment with Windows AutoPilot, and secure management for iOS, Android, Windows and macOS devices.

The subscription fee is $20 per user (up to 300 users) per month.

Small-to-medium-sized businesses looking to transition to Office 365 need to buy Windows 10 Pro and then subscribe to a security service individually as well as making sure all of their users are properly connected and covered under the security subscription.

On the other hand, when transitioning to Microsoft 365 everything is integrated from the start. This makes it easier from a buying perspective and easier for end users to navigate. Deciding to subscribe to the entire Microsoft ecosystem from the beginning provides businesses the opportunity to have all the tools they need to successfully run their businesses.

There are many things to consider before deciding what is right for your organization. If you can answer, “yes” to the following questions, then Microsoft 365 Business may be for you:

  • Are you a small to medium-sized business with under 300 users?
  • Are the majority of your PCs not running Windows 10?
  • Is your business behind in security and device management?

It is important to note that some of the Microsoft Enterprise E3 security features (the price is the same as Business Premium) may be right for your business needs.


Microsoft 365 has many features to offer businesses that haven’t transitioned to Microsoft Office 365 and need to get set up quickly. Microsoft 365 Business should be especially popular among new small to medium organizations that require a collaborative environment. For more information and guidance to research, compare and decide what is best for your business by referring to the following websites:

  • Office 365 Business: http://products.office.com
  • Microsoft 365 (includes video and guided tour): https://www.microsoft.com/en-US/microsoft-365/business#pmg-cmp-desktop
  • Office 365 Enterprise: http://products.office.com/en-us/business/compare-more-office-365-for-business-plans
  • Additional Questions: Email: {email}.

11 Top Questions HIPAA Compliance Officers Need To Know

HIPAA Compliance Manager

HIPAA, the Health Insurance Portability and Accountability Act, was signed into law by President Bill Clinton in 1996. Initially, HIPAA was meant to reform the healthcare industry for two reasons. One was to ensure that employees between jobs would still have healthcare coverage (the P meaning portability). The second was to ensure the security and confidentiality of health information (the first A meaning accountability). As with any policy, HIPAA has changed throughout the years and has added many new rules that healthcare organizations must follow to protect and inform patients.

Here are 11 of the most frequently asked questions regarding HIPAA security and compliance.

1. What does our organization need to do to become HIPAA compliant?

Although there is no concrete answer to this, our research indicates that the Office for Civil Rights will look favorably on organizations that make a “good faith” effort to do the following:

  • Implement an active, ongoing risk management process
  • Perform a recent security risk analysis
  • Develop policies and procedures that define how patient information and data are secured
  • Sign business associate agreements
  • Document that employees are trained annually
  • File HIPAA compliance program documentation as evidence of all of the above.

It is important to note that according to the HIPAA Journal, “ignorance of HIPAA regulations is not considered to be a justifiable defense by the Office for Civil Rights of the Department of Health and Human Services (OCR).”

2. What Are Explicit HIPAA Requirements?

HIPAA calls these requirements “safeguards”. There are three safeguard categories: physical, technical and administrative. Physical safeguards focus on physical access to information at any location, whether on site, in a remote data center or in the cloud. Technical safeguards focus on the technology used to protect private information and control access to the data. Administrative safeguards focus on the policies and procedures that tie the Privacy Rule and the Security Rule together. Risk assessments are recommended so organizations can improve and align these safeguards.

3. Do We Need a Business Associate Agreement? A Business Associate is a vendor that needs access to electronic protected health information (ePHI) like technology providers, billing companies, etc. The Privacy Rule lists other activities and services that have access to protected health information where an official agreement is required.

4. Is Annual Employee Training Required? Training employees guarantees that everyone on your team is updated on HIPAA requirements. Training policies should be included and documented in your organization’s Risk Assessment and considered an important, ongoing process. Remember, “ignorance of HIPAA regulations is not considered to be a justifiable defense by the Office for Civil Rights of the Department of Health and Human Services (OCR).”

5. Can Our Organization Send Emails? The majority of ePHI breaches result from unencrypted data and the transmission of unsecured ePHI over open networks. Communicating by email is acceptable only if the email is encrypted or the patient signs a release giving permission to send them emails. The best policy and practice is to communicate with a patient through encrypted email and to securely record the communication trail.

6. Should We Report Ransomware? Ransomware is a form of malware attack in which the attacker blocks your organization from accessing its own data and demands a ransom (money) to restore it. First and foremost, your organization should take all precautions so this doesn’t happen: make sure all systems are protected and train your employees to recognize phishing emails. But if an attack does happen, it is possible that an investigation would be necessary.

7. What is the Difference Between a Security Incident and a Security Breach? Any time the security officer suspects that ePHI was disclosed to someone not authorized to see it, that is a security incident. A security incident must be investigated before it can be determined whether a security breach occurred.

8. How Often Should We Perform Risk Assessments? There is no “one size fits all” policy regarding performing HIPAA Risk Assessments. Risk Assessments should be done on a regular basis to ensure ongoing compliance. HIPAA regulations allow organizations to perform them as they feel necessary, but to meet HHS standards, all organizations should perform them on an annual basis.

9. Should We Perform Vulnerability Scans? Absolutely. A vulnerability assessment or scan is an examination of an organization’s technology, equipment, and software to check for weaknesses that could be used by unauthorized people (hackers) to damage the network. Identifying vulnerabilities is a requirement of the HIPAA Security Rule, which states: “The Security Rule requires entities to evaluate risks and vulnerabilities in their environments and to implement reasonable and appropriate security measures to protect against reasonably anticipated threats or hazards to the security or integrity of ePHI.” The time frame is not specified, but it is a conversation and policy to plan with your IT provider as part of your organization’s overall technology security.

10. Should We Encrypt Our Laptop Computers? As mentioned above, encrypting emails and other private information offers protection from hackers, and it is recommended as a best practice for all organizations, not just HIPAA covered entities. If an encrypted laptop computer is lost or stolen and you have documentation stating the information was encrypted, then it is not considered a breach.

11. How Should We Train Our Team? Training is an ongoing process that keeps everyone in your organization informed and aware. Short, consistent pieces of training, which we refer to as micro trainings, are helpful. They are short informational videos covering relevant topics that can be incorporated into the regular workday, reinforcing the policy that everyone is responsible for safeguarding information. Micro trainings, combined with intentional, randomly sent simulated phishing emails from the IT department, reinforce the importance of awareness and policy compliance. Ongoing training prepares everyone in the event of a data breach.

2018 Was a Record Year for HIPAA Penalties

HIPAA Violation


2018 turned out to be a year of record fines for HIPAA violations: over $25 million in fines, with the mean fine just over $2.5 million. Could your medical entity bear that financial burden? Would it suffer irreparable harm from the adverse publicity? And just what did these healthcare entities do to get scrutinized, investigated and penalized?

Since 2016, settlements and fines from the Department of Health and Human Services’ Office for Civil Rights (OCR) have risen substantially. Healthcare entities should expect that this trend may continue and remain committed to avoiding HIPAA security breaches, negligence and failure to follow long-standing policies.

2018 Review of OCR Settlements

Whether your business is a smaller, private entity or a large, public entity, OCR investigations are expensive and potentially damaging to your business’s reputation. Prevention is our best defense – don’t let these errors happen.

  • Fresenius Medical Care North America. $3,500,000 – Settlement. Risk analysis failure. Impermissible disclosure of ePHI. No policies covering electronic devices. Insufficient encryption; inadequate security policies; inadequate physical safeguards.
  • Filefax, Inc. $100,000 – Settlement. Unauthorized disclosure of PHI.
  • University of Texas MD Anderson Cancer Center. $4,348,000 – Civil monetary penalty. Impermissible disclosure of ePHI. No encryption.
  • Massachusetts General Hospital. $515,000 – Settlement. Filming patients without consent.
  • Brigham and Women’s Hospital. $384,000 – Settlement. Filming patients without consent.
  • Boston Medical Center. $100,000 – Settlement. Filming patients without consent.
  • Anthem Inc. $16,000,000 – Settlement. Risk analysis failures. Inadequate review of system activity. Failure to respond to an identified breach. Lacking technical controls to thwart unlawful ePHI access.
  • Allergy Associates of Hartford. $125,000 – Settlement. PHI disclosure to a journalist. No sanctions against an employee.
  • Advanced Care Hospitalists. $500,000 – Settlement. Unauthorized PHI disclosure. No BAA (business associate agreement). Deficient security measures. No HIPAA fulfillment efforts before April 1, 2014.
  • Pagosa Springs Medical Center. $111,400 – Settlement. Failure to end employee access. No Business Associate Agreement (BAA).

Don’t forget about your State’s Attorney General’s Office

Medical entities also saw a rise in fines and monetary penalties from state attorneys general. While the penalties are not always for HIPAA violations, they are still a distraction from your healthcare entity’s mission, consuming employee time and financial resources to defend against alleged violations of state laws and HIPAA. Some states have become more aggressive in enforcing HIPAA violations. The Northeastern states – New Jersey, New York, Massachusetts, Connecticut and the District of Columbia – have stepped up their enforcement efforts, along with Washington State (which has yet to announce a settlement amount with Aetna). Defendants in these actions include insurance companies, hospitals, medical groups and even a transcription company.

State settlement amounts have ranged from a low of $75,000 to a high of over $1,000,000.

Common sense and training along with competent managed IT services will help ensure that your business is at decreased risk of HIPAA fines and penalties.

The deeper your understanding of the scope of potential HIPAA violations, the less likely you’ll be guilty of violating patient privacy. The Department of Health and Human Services publishes OCR news and bulletins on its website. Details of every action are published on a timely basis, including a PDF of the resolution agreement.

Make it a point to review the OCR website on a monthly basis. This site will provide insight into the actionable behaviors that employees or departments may commit.

Many of these offenses seem obvious in retrospect. Ensure that every employee understands these simple violations.

  • Business associate agreements. Ensure that BAAs with outside vendors are properly executed and that the vendor’s owner (or their authorized agent) knows of the agreement.
  • Terminated employees. Have a written policy regarding terminated employees so that their access to confidential patient information is terminated immediately. Your HR department and IT services vendor should work in unison to change passwords/deny access as soon as the employee leaves or is terminated.
  • Filming patients without consent. Don’t be lured into a major HIPAA violation by television and documentary filmmakers. While upper management and the CEO may feel that being featured in a TV series will bring prestige and goodwill to the facility, patients don’t feel that way and are protected by HIPAA.
  • Healthcare entities must be proactive in protecting data. Seemingly simple violations like insufficient encryption, no response to a breach or not providing HIPAA training to employees are not a viable excuse to OCR or state attorneys general.

Cybersecurity may be seen as a burdensome expense – protection of data is expensive, but it protects your business’s ability to recover in the event of a natural disaster or ransomware attack. Many of these settlements and penalties resulted from simple mistakes which would not have been costly to avoid. Be proactive and develop a plan to avoid expensive, avoidable HIPAA violations.

Inside The United States Of Cybersecurity

In March 2018, Alabama and South Dakota passed laws mandating data breach notification for their residents.

The passage meant all 50 states, the District of Columbia and several U.S. territories now have legal frameworks that require businesses and other entities to notify consumers about compromised data.

All 50 states also have statutes addressing hacking, unauthorized access, computer trespass, viruses or malware, according to the National Conference of State Legislatures (NCSL). Every state has laws that allow consumers to freeze credit reporting, too.

While those milestones are notable, there are broader issues when it comes to legislative approaches to cybersecurity across the United States. There are vast discrepancies among states when it comes to cybersecurity protection.

What Laws Are on the Books About Cybersecurity?

In 2018, there were more than 275 cybersecurity-related bills introduced by state legislatures in 33 states, Washington, D.C., and Puerto Rico. The legislative action covers a broad range of cybersecurity topics, including:

  • Appropriations
  • Computer crime
  • Election security
  • Energy and critical infrastructure security
  • Government and private-sector security practices
  • Incident response remediation
  • Workforce training

For companies, especially those that work across state lines, the variances among state laws create a challenge in tracking requirements and remaining legally compliant.

For example, while most states require immediate notification of a data breach “without unreasonable delay,” the deadlines are varied. Nine states require notification within 45 days, South Dakota allows 60 days and Tennessee allows as many as 90 days. In addition, most states require written notification while some allow for notification via telephone or electronic notice.

While states have focused much of their recent legislation on data privacy, there are many other components of cybersecurity. Again, there is no uniformity. In fact, most states do not have laws about other important cybersecurity issues:

  • Half the states have laws addressing denial-of-service attacks.
  • Just five states explicitly cite ransomware in statutes.
  • Phishing laws are in place in 23 states and Guam.
  • Twenty states, Guam and Puerto Rico have laws regarding spyware.

While broader laws addressing malware or computer trespass may be used to prosecute some of these attacks, the discrepancies further illustrate the different approaches and terminology states use.

What States Have Strong Data Privacy Laws?

Here are a few examples of states that have strong legal provisions within their cybersecurity and privacy laws:

  • Arkansas. Parental consent is required before student information can be shared with government agencies.
  • California. The state passed sweeping data privacy laws in 2018 requiring businesses to inform consumers of what personal information is being collected, disclosed or sold. The law, which goes into effect in 2020, contains provisions giving consumers the right to opt out of having their data sold to a third party. California is the only state with a constitutional declaration that data privacy is an inalienable right.
  • Delaware. Recently passed laws restrict advertising to children and protect the privacy of e-book readers.
  • Illinois. The state is the only one to protect biometric data.
  • Maine. It’s the only state that prohibits law enforcement from tracking people using GPS or other geo-location tools on computers or mobile devices.
  • Utah. The state is one of only two that requires ISPs to obtain customer consent before sharing customer data.

What States Have Weak Data Security Laws?

Despite the growing legislative controls on cybersecurity issues and public expectation for data privacy, there are many states that have laws that are lacking, including:

  • Alabama. There are no laws on the books that protect the online privacy of K-12 students.
  • Mississippi. To date, no laws exist that protect employee personal communications and accounts from employers.
  • South Dakota. Companies can retain personal information on employees indefinitely.
  • Wyoming. Employers can force employees to hand over passwords to social media accounts.

How Long Does a Company Need to Retain Personal Identifying Information?

Many companies struggle knowing when or if to hold onto personal information on consumers. The challenge is that laws vary greatly from state to state. As of January 2019, according to the NCSL, only 35 states have laws requiring businesses or government entities to destroy or dispose of this data at all.

Of those 35 states:

  • Only 14 require both businesses and government agencies to destroy or dispose of data.
  • Virginia requires government agencies only but excludes businesses.
  • Nineteen states do not require government agencies to dispose of or destroy personal information.

Where Is the Federal Government in Cybersecurity?

The federal government has many laws and rules regarding cybersecurity, from HIPAA to the Cybersecurity Information Sharing Act, which allows for the U.S. government and technology or manufacturing companies to share Internet traffic information.

Other proposed legislation has hit some roadblocks. Take the Data Acquisition and Technology Accountability and Security Act, which would have established a national data breach reporting standard. State attorneys general strongly opposed the legislation, introduced in March 2018. The 32 state AGs argued that the bill would weaken consumer protections, preempt stronger state laws, and exempt too many companies.

For companies, the variances from state to state present a complex technical challenge. To remain compliant, they need policies, tools and solutions that ensure data is protected and secure.

Managed service providers (MSPs) offer a powerful option to address many data issues. MSPs provide cloud-based, off-site, secure data storage and automated backups. Data, systems and networks are monitored 24/7 to detect and remove unwanted activity. The advanced firewalls, enterprise-strength anti-virus tools and employee education that MSPs provide help maintain compliance and keep data safe from the attacks that trigger breach-notification obligations.

The growth of state legislation to address cybersecurity issues is welcome. The challenge for companies is finding a reliable solution that allows for responsive and responsible action.

What Are The Top Cybersecurity Predictions For 2019?

Several events in 2018 brought cybersecurity to the forefront of public consciousness, as major sectors – from financial institutions to Facebook – were affected by cybercrime. According to Forbes, 34 percent of US consumers had their personal information compromised in 2018. Security experts and business leaders are constantly looking for ways to keep two steps ahead of hackers. As we ring in the new year, predictions for 2019 are a popular topic. Here is what’s anticipated this year in the cybersecurity realm.

Tougher Regulations

As digital capabilities are rapidly gaining a worldwide foothold, data is becoming our most highly-valued commodity. Many governments are already recognizing the pressing need to protect citizens’ personal information, especially amid mounting pressure from constituents who seek to hold companies accountable. This year will see the rest of the world follow suit, enacting laws that punish corporations and other entities that do not take data security seriously enough. It’s anticipated that such legislation will seek to ensure greater protection for connected devices (also known as the Internet of Things or IoT). These measures are also expected to set cybersecurity standards that reflect the value of the protected data.

Stiffer Penalties

Enacting legislation is a step in the right direction, but appropriate consequences are usually needed to enforce it. The EU led the way in taking a firm stand against cybercrime with the GDPR. The Golden State followed with the California Consumer Privacy Act, which takes effect in 2020. These initiatives establish considerable punitive measures for hackers. The UK required Equifax and Facebook to pay maximum fines as mandated by its data protection law. This year, it’s predicted that several companies, such as British Airways, Facebook, and Google, will come under intense scrutiny, and more jurisdictions are likely to enact stiff penalties – perhaps totaling as much as a billion dollars – for compromising data security.

Consistent Data Breach Patterns

Cybercriminals primarily use email and compromised privileges to access consumers’ personal data or engage in other illegal activities, and that trend is likely to remain the status quo in 2019. Businesses and other organizations are advised to put safeguards in place to control privileges and monitor emails, hyperlinks, and attachments.

Cyber Weapon Capabilities Revealed

During the post-World War II era, nuclear war seemed to be the most imminent threat to national security. Today, cyber weapons are believed to carry the greatest potential for harm. Many governments have been developing their cyber arsenals for years, with some using their newfound capabilities to disrupt political systems. Most of these clandestine efforts have been carried out behind closed doors. However, as the threat increases and countries are forced to fine-tune their tactics to defend themselves, they will likely bring their endeavors to light to create a deterrent. Showing hostile governments what might happen should they choose to attack may prevent them from completely unleashing their digital demons – at least for a while. There will likely be outliers who will continue to launch cyber attacks, despite efforts to discourage them. Therefore, companies should do their best to be prepared – developing a proactive, rather than a reactive, strategy.

IoT Working Against Us

Adding to our ever-increasing network of connected devices could have disastrous consequences. It’s expected that cybercriminals will be able to program these devices to attack humans. It may sound like the stuff of a dystopian sci-fi novel, but industry leaders predict that 2019 could well be the year that we see people using machines to target other humans to the point of causing great harm or even death. Hackers, for instance, may set programmable thermostats to keep homes unbearably warm or cold, or intentionally cause navigation systems in self-driving cars to suddenly go awry, colliding with other vehicles or striking pedestrians. These incidents could become so widespread that they span entire countries or transcend continents. For now, people still have some control over their devices. Unfortunately, however, more dire predictions are forecast when the day dawns that we surrender such control completely to artificial intelligence (AI).

Multiple Layers of Authentication

In the near future, you may need more than a password to log into your email, social media, and other Web-based accounts. Windows expert Susan Bradley reported to CSO that, “Only using a password to authenticate is increasingly leaving us open to phishing and other attacks.” As hackers become more adept at accessing your information, you may be asked to answer additional questions after supplying your password to verify that it’s really you. As this will likely prove frustrating for most users, IT providers are seeking a simpler, more sustainable solution.

Of course, with the advancement of technology comes more sophisticated security measures too, so hopefully, these predictions will not be fully realized. It makes sense though, to do everything possible to protect the integrity of your data and ensure that your team is on the same page about the security precautions you plan to take. It’s also important to stay current on the latest legislation, standards, and technology to ensure that you’re in compliance with applicable regulations and that you have the tools to provide continuous data protection. Utilizing the right strategy will also help you adapt to new developments in data security without disrupting operations or leaving sensitive information vulnerable while you search for appropriate solutions.

Windows 7: Under One Year Until Support Ends

Use Windows 7? Do you love your Windows 7? Will your need or desire to continue to use Windows 7 surpass this year? If so, you should be aware that in just under one year — January 14, 2020, specifically — Windows 7 Extended Support ends for most users. As such, there are things you need to know and decisions you may have to make. This is your guide to understanding what the expiration of Windows 7 Support may mean for you in one year.

What is the Current Status of Windows 7?

Windows 7 is a reliable desktop OS for Microsoft users. When Windows 8 came out, the differences were so stark that most users preferred to stick to Windows 7.

Why would they stay with an outdated system?

Here’s what Windows 7 offers:

  • A straightforward interface that is well-designed and laid out;
  • A start menu that combines the old with the new;
  • A clutter-free and clean look that is familiar to you;
  • Thumbnail previews that allow you to automatically open an item;
  • Jump lists that allow you to quickly access files or documents you frequently use;
  • Performance that allows the system to boot up comparatively quickly;
  • A new calculator to convert units, figure out fuel economy, etc.;
  • A new WordPad that offers more formatting features; and — among many other features —
  • Upgraded and improved media player and center.

These are just a few of the reasons that so many PC users love their Windows 7 and do not particularly want to give it up, especially when they found Windows 8 a disappointment.

In fact, StatCounter suggests that 41.86% of PC users — who according to Statista make up nearly 84% of the market share for desktop PCs — still use Windows 7, while another 42.78% use Windows 10 and a sad 8.72% use Windows 8. Those statistics say a lot about Windows 7 and suggest that a lot of people are going to need to figure out what they are going to do before January 2020 if they want their systems to be secure and updated.

Why is Microsoft ending support for Windows 7?

There is no specific reason why Microsoft is ending support for Windows 7 come January 14, 2020, except that this is the date provided in Windows 7’s lifecycle.

Windows 7 Lifecycle

October 22, 2009 – Date of general availability for:

  • Windows 7 Professional
  • Home Basic
  • Home Premium
  • Ultimate

October 31, 2013 – Retail software end of sales for:

  • Windows 7 Professional
  • Home Basic
  • Home Premium
  • Ultimate

October 31, 2014 – End of sales for PCs with Windows 7 preinstalled with:

  • Home Basic
  • Home Premium
  • Ultimate

January 13, 2015 – End of mainstream support for Windows 7

October 31, 2016 – End of sales for PCs with Windows 7 Professional preinstalled

January 14, 2020 – End of extended support for Windows 7

As indicated in the above table, if you did not extend support for Windows 7, then the problem of extended support expiring on January 14, 2020, does not apply to you. If you had purchased that extended support, then you need to pay attention and determine what you want to do because a year will be over before you know it.

What will happen after extended support for Windows 7 expires on January 14, 2020?

Come January 14, 2020, if you are still using Windows 7, rest assured your desktop will still work; Windows 7 will continue to work beyond 2020. The issue here is your extended support.

Come January 14, 2020, extended support expires and with that expiration ends any updates to your PC. That means your system is vulnerable because the latest, most advanced security updates will not be available to you.

Who will be affected by Microsoft’s decision to end support for Windows 7?

It is important to be clear that not all Windows 7 users will be affected by the January 14, 2020 extended support expiration date. In fact, in September 2018, Microsoft announced that some business users can pay for an additional three years of security updates. Unfortunately, this does not extend to home versions.

In other words, if your Windows license type is an original equipment manufacturer (OEM) license or a full package product, there will be no extended security updates for you, and this includes all home versions. However, if you purchased a volume license (i.e., Enterprise or Open Value) for Windows 7 Pro or Enterprise, then you can purchase the additional three years of security updates — so primarily only business users can receive the updates, at a cost.
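As an added example (not from the original post), the PowerShell script below applies the rule just described on a Windows 7 PC: it reads the edition and license channel from WMI, counts the days left until January 14, 2020, and reports whether the paid security updates are even an option. It assumes the built-in PowerShell 2.0 that ships with Windows 7 (hence Get-WmiObject rather than Get-CimInstance); the Windows application ID and the channel strings are the standard ones that slmgr reports.

```powershell
# Added example, not part of the original post: report a Windows 7 PC's edition,
# license channel and days until extended support ends, so an administrator can
# see whether the three-year paid security updates described above apply.
# Assumption: runs locally on the Windows 7 machine under PowerShell 2.0.

$endOfSupport = Get-Date -Year 2020 -Month 1 -Day 14   # end of extended support

$os = Get-WmiObject -Class Win32_OperatingSystem

# SoftwareLicensingProduct holds one row per product/key; keep the Windows row
# that actually carries a product key (ApplicationID is the Windows SL app id).
$windowsAppId = '55c92734-d682-4d71-983e-d6ec3f16059f'
$license = Get-WmiObject -Class SoftwareLicensingProduct |
    Where-Object { $_.ApplicationID -eq $windowsAppId -and $_.PartialProductKey } |
    Select-Object -First 1

# On Windows 7 the channel is embedded in the Description text, e.g.
# "... VOLUME_KMSCLIENT channel", "... VOLUME_MAK channel", "... OEM_SLP channel"
# or "... RETAIL channel" (the same text that slmgr /dli prints).
$channel = 'UNKNOWN'
if ($license -and $license.Description -match '(\S+) channel') {
    $channel = $matches[1]
}

$isWindows7 = ($os.Version -like '6.1.*') -and ($os.ProductType -eq 1)  # 6.1 workstation = Windows 7
$isProOrEnt = $os.Caption -match 'Professional|Enterprise'
$isVolume   = $channel -like 'VOLUME*'
$daysLeft   = ($endOfSupport - (Get-Date)).Days

New-Object PSObject -Property @{
    Computer    = $env:COMPUTERNAME
    Edition     = $os.Caption
    Version     = $os.Version
    Channel     = $channel
    DaysToEOS   = $daysLeft
    # Per the post: only volume-licensed Pro/Enterprise can buy the extra updates;
    # OEM and retail (full package product) keys, and all Home editions, cannot.
    ESUEligible = ($isWindows7 -and $isProOrEnt -and $isVolume)
} | Format-List Computer, Edition, Version, Channel, DaysToEOS, ESUEligible
```

Run it across a fleet (for example via a logon script that writes the output to a share) to build the list of machines that must be migrated before the deadline rather than kept on paid updates.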

What are your options after Microsoft Windows 7 support expires?

If you absolutely must keep Microsoft Windows 7, then you have options, though they may not be optimal options. These options include:

  • Playing with the idea of purchasing an upgrade to Windows 10 and then exercising downgrade rights to Windows 7;
  • Continuing to run Windows 7 without security updates, but this is not a good option because as computer desktops and software advance, so do hackers’ capabilities (home users, if careful, can consider it, but it is probably not an option for business users due to legal and liability risks);
  • Disconnecting any Windows 7 PC from the internet, but this means disconnecting you from the very thing that keeps you connected to the world, so it may not be your best option either;
  • Migrating from Windows 7 to another operating system, e.g. Windows 8 or preferably Windows 10.

What does Windows 10 offer you?

Some PC users are hesitant to switch to Windows 10 because it does have its drawbacks. Some specific Windows 10 drawbacks include:

  • The increased sense that Microsoft is invading our privacy with its default settings. Most of these settings can be changed, but you must go in and manually make these changes.
  • The ability to control your updates is limited when compared to Windows 7. Plus, these updates are made without user knowledge — which only entrenches the sense that PC users are being spied on when something happens to their system without their knowledge, even if it is for their own security.
  • The interface is less customizable (e.g., can’t change colors) — and this is unfortunate in an age where we celebrate our differences, including how we set up our interface system.
  • Older programs do not run well on Windows 10, so if you have older programs, you may be in need of identifying additional and newer products or software.

That said, it is good to be reminded that even though you love your Windows 7 whether it’s because you simply love it or love it because it’s what you are familiar with, Windows 7 has its own drawbacks, too. Windows 7 drawbacks include:

  • Windows 7 was released in 2009. This was a time when the iPad was a rumor and mobile phones were not as advanced. Today you want software that works across all your platforms. Windows 7 most likely can’t do this, but Windows 10 can.
  • If you ever needed to use a virtual desktop then you know this feature is not available in Windows 7 unless you use Desktops v2.0 software. Virtual desktops allow you to organize your space better and have become an essential tool for modern-day users. Windows 7 does not offer this capability easily but Windows 10 does.
  • We all know Apple’s Siri and Google Now. These are convenient built-in assistants to help us do anything from scheduling tasks or appointments, dictating notes, playing music, adding reminders, and much more. Windows 7 does not have a built-in assistant but Windows 10 does: Cortana.
  • Ever been in your Windows 7 and wanted to search the web from your desktop, only to realize you can’t? To search the web, you have to navigate to the right tab and then look something up. Windows 7 does not offer a convenient search feature for the internet, but Windows 10 does: the search bar allows you to search anything from your folders, apps, files, Windows Store, and the Internet.
  • Gaming is another thing so many of us like to do today aside from work. Windows 7 has always been a trusted gaming platform — so this is not a drawback except for the fact that Windows 10 has built on Windows 7’s gaming capabilities to make it even better. So, if you like gaming, whether it’s DirectX 12, PC Game DVR, or Xbox One game streaming, among others that you like to use for gaming purposes, then Windows 10 offers the best performance for you.

How to determine what you should do about your Windows 7 come January 14, 2020?

If you are one of those PC users to be affected by the end of extended support for Windows 7 in January 2020, then you have to determine what you will do. The last section implicitly directs you in which way you may consider, but if you are not yet confident in Windows 10, ask yourself the below two sets of questions:

  1. Do you use your computer to access the internet? If so, do you keep private information online or conduct private matters online, i.e., financial information, tax information, banking, consumer purchasing via Amazon or other outlets, etc.?
  2. Do you like Microsoft’s operating system Windows? Do you want to stay with Windows (but not Windows 8)? If so, would you like something similar to Windows 7 but operates better?

If you answer yes to these questions, then it is safe to say you should consider Windows 10. The free upgrade to Windows 10 expired in 2016, but the price you pay today can save you in the long run.

So, now you have it. There’s a lot to consider if you use Windows 7 and like using it. If you are an owner of a volume license for business users, then you do have a viable and reasonable solution to the deadline: you can purchase another three years of security updates. This option provides you ample time to consider other options and train personnel on new desktop operating systems.

But if you are not a volume license holder, then you really need to consider what you intend to do. Security is highly important today in our virtual worlds and without it, you risk impacting your so-called “real” world. A hacker can destroy what you have built up over the years, from finances to projects to just about anything that is maintained or kept on your computer, in the cloud, or online. The issue of the January 14, 2020 expiration for Windows 7 extended support is indeed a serious one.