What happens if I’m not in compliance with Windows updates?

Published on August 26, 2021 by Paul Deur

Microsoft ended support for Windows 7 in January 2020, but even a year later it was reported to be still running on at least 100 million machines across the globe. The COVID pandemic may have made this worse, with people powering up old laptops and mobile devices as they work from home. If your organization still has Windows 7 on any machines and you haven’t purchased the (pricey) Windows 7 Extended Security Updates package, your company could be at risk of non-compliance.

As an IT manager, your role is to control the way company, end-user and customer information is used and stored, and most importantly how it is protected. Given the many high-profile data breaches over the last few years, this is now regulated more closely than ever. And depending on where you operate or trade, the laws and guidelines that your company must comply with can be varied and complex.

If your company experiences any data breaches, you could face a costly court case or fine, and the impact on your brand and reputation could be even more far-reaching. Highly regulated industries are likely to be hit the hardest. Healthcare data breaches are reported to be one of the most expensive – costing an average of US$7.13 million – 84% higher than the global average. Following on its heels are the financial services, pharma and technology industries.

Even if you have already moved to Windows 10, you could still be at risk if you aren’t managing regular updates: Microsoft provides between 18 and 30 months of support for each Windows 10 version, and some versions have already expired. With the announcement that Windows 11 will arrive later this year, Windows 10 itself will only be supported for the next 4 years or so.

Risks of running an unsupported version of Windows

So, what are you leaving yourself open to, if you are running an unsupported version of Windows? Well, a lot, actually:

  • Security breaches: As noted above, security breaches can be costly. Attackers are adept at finding weaknesses in each Windows OS version, which is why Microsoft provides regular security updates. Without them you risk non-compliance with the regulations governing your industry, and you are exposed to data breaches and the costly court cases and fines mentioned earlier.
  • Risk of spreading viruses: Microsoft delivers regular patches for supported Windows versions. If you aren’t receiving them, an unpatched flaw on one machine can let malware spread to other machines.
  • Performance issues: As time goes by and end users continue to work on machines running unsupported versions of Windows, performance will degrade, and they may not be able to access the same set of applications as their colleagues.

If you think your firewalls and antivirus software will save you, think again. Unless you want to risk exposing your company’s intellectual property, employee or customer information, you should make sure that your company is running a supported version of Windows.

Be aware of what’s running over your IT environment

Are you sure that you aren’t running an old version of Windows in your IT environment? Even if you do manage regular Windows updates, you may have missed someone – or they are working from old devices or equipment.

You could use Intune to set compliance policies for mobile devices. Any devices running old versions of Windows will be flagged so that you can resolve the issue. Once you know who the end users are and what their role is, communicate with them to explain the need for the update and agree on a time and date to schedule it, so you aren’t interrupting business-critical activities.

But what about other equipment? It’s a good idea to monitor your IT environment regularly. To do this, run system scans and scripts to find out what version of Windows is running on each machine. In a global company, and at a time when many people are working remotely, you can’t be sure you’ll catch everything, because a scan only returns results for machines that are connected to the network. Compare that information to your Active Directory records and pull it together in a spreadsheet.
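The Active Directory side of that comparison can be scripted. The following PowerShell is an added example, not code from the original post or from ReadyWorks: it reads the operating-system attributes that domain-joined machines write to their own computer objects, maps the build number to a Windows version and its end-of-servicing date, and exports the result as the CSV you would open in a spreadsheet. It assumes the RSAT ActiveDirectory module is installed and that the account has read access to computer objects. The servicing table is an assumption too: the dates are Home/Pro end-of-servicing dates as published by Microsoft up to August 2021, and you should refresh them from Microsoft’s lifecycle page before relying on the report.

```powershell
# Added example (not from the original post): inventory Windows versions recorded in
# Active Directory and flag machines outside Microsoft's servicing window.
# Assumes: RSAT ActiveDirectory module, read access to computer objects.
Import-Module ActiveDirectory

# Build number -> version name and end-of-servicing date (Home/Pro editions).
# Assumption: accurate as of August 2021; Enterprise/Education H2 releases get
# 30 months instead of 18. Refresh from Microsoft's lifecycle page before use.
$ServicingTable = @{
    '7600'  = @{ Name = 'Windows 7 RTM';   EndOfService = [datetime]'2020-01-14' }
    '7601'  = @{ Name = 'Windows 7 SP1';   EndOfService = [datetime]'2020-01-14' }
    '17763' = @{ Name = 'Windows 10 1809'; EndOfService = [datetime]'2020-11-10' }
    '18362' = @{ Name = 'Windows 10 1903'; EndOfService = [datetime]'2020-12-08' }
    '18363' = @{ Name = 'Windows 10 1909'; EndOfService = [datetime]'2021-05-11' }
    '19041' = @{ Name = 'Windows 10 2004'; EndOfService = [datetime]'2021-12-14' }
    '19042' = @{ Name = 'Windows 10 20H2'; EndOfService = [datetime]'2022-05-10' }
    '19043' = @{ Name = 'Windows 10 21H1'; EndOfService = [datetime]'2022-12-13' }
}

function Get-WindowsComplianceReport {
    param(
        [datetime]$AsOf = (Get-Date),
        [int]$StaleDays = 90   # machines silent in AD this long may be off-network or retired
    )

    # Client OS only: Windows Server shares build numbers (e.g. 17763) with Windows 10
    # releases but has its own lifecycle, so it needs a separate table.
    $computers = Get-ADComputer `
        -Filter "OperatingSystem -like 'Windows 10*' -or OperatingSystem -like 'Windows 7*'" `
        -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate, Enabled

    foreach ($c in $computers) {
        # OperatingSystemVersion is stored as "10.0 (19042)" or "6.1 (7601)"
        $build = if ($c.OperatingSystemVersion -match '\((\d+)\)') { $Matches[1] } else { $null }
        $entry = if ($build) { $ServicingTable[$build] } else { $null }

        $status = if (-not $entry) {
            'Unknown build - investigate'
        } elseif ($entry.EndOfService -lt $AsOf) {
            'Unsupported'
        } else {
            'Supported'
        }

        # AD only learns the OS version when the machine logs on, so a machine that has
        # not been seen recently may be running something older than what is recorded.
        $lastSeen = $c.LastLogonDate
        $notSeen  = (-not $lastSeen) -or ($lastSeen -lt $AsOf.AddDays(-$StaleDays))

        [pscustomobject]@{
            ComputerName    = $c.Name
            Enabled         = $c.Enabled
            ReportedOS      = $c.OperatingSystem
            Build           = $build
            Version         = if ($entry) { $entry.Name } else { 'n/a' }
            EndOfService    = if ($entry) { $entry.EndOfService.ToString('yyyy-MM-dd') } else { 'n/a' }
            Status          = $status
            LastLogonDate   = $lastSeen
            NotSeenRecently = $notSeen
        }
    }
}

# Full list for the spreadsheet, plus the machines that need action, oldest first.
$report = Get-WindowsComplianceReport
$report | Export-Csv -Path .\windows-compliance.csv -NoTypeInformation
$report | Where-Object { $_.Status -ne 'Supported' -or $_.NotSeenRecently } |
    Sort-Object EndOfService | Format-Table -AutoSize
```

The NotSeenRecently column is the script’s answer to the caveat above: a computer object that has not logged on for months may show a supported build that was current the last time it touched the network, so those machines belong on the follow-up list alongside the ones already flagged as unsupported. Treat LastLogonDate as approximate, since the underlying attribute replicates between domain controllers with a lag of up to about two weeks.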

If you discover any machines that aren’t running a supported version of Windows, you’ll need to act quickly:

  • If you’ve identified old devices that aren’t compatible with the latest version of Windows, or are nearing end of life or lease expiration, you’ll need to replace them. Communicate with end users to let them know what’s happening, and find out where they are located and whether they have any specific hardware requirements. Then create a process for replacing, building, packaging, and shipping the new hardware. Don’t forget to send another communication to help them set up the new device, telling them who to contact if they have queries and how to return the old equipment. You’ll probably need to chase that up too.
  • If you’ve identified devices that are compatible with the new versions of Windows, you’re going to have to run a mini Windows servicing program. That means running reports to find out what applications users are running on the devices. This should flag whether they are using any applications that caused issues when you rolled out the Windows update to other devices, so that you can incorporate any fixes. Contact the end user to explain what’s happening. Find out where they are located: this is important because if they are working remotely, you’ll need to run a script using SCCM to check whether there are any bandwidth constraints on their home broadband. Schedule a good time for the update with your end users and roll it out.

Constant monitoring and regular updates ensure compliance

If you’re managing Windows updates on a regular basis, then you can be (almost) certain that you are in compliance with regulations, but you should continue to monitor your environment regularly to make sure that nothing has slipped under the radar.

We know that, done manually, any Windows servicing is a time-consuming and arduous task. But by applying intelligent automation to repeatable processes, you could cut manual tasks by 50% or more, freeing up your team’s time to focus on strategic projects.

Schedule a demo to see how ReadyWorks uses intelligent automation to cut the time and hassle of maintaining IT compliance and ensuring data is always protected.