Windows XP goes end-of-life in April 2014, after which Microsoft will no longer release bug fixes. If you’ve upgraded your PC then everything should be fine – but what about your bank? Have they upgraded?
The Risk Isn’t Necessarily With You
Have you upgraded from Windows XP yet? If not, you can choose from several different options, but don’t feel that the onus is completely on you to stay secure. While it is important to ensure your home computer system is as up to date as possible – thereby ensuring that your copy of Windows is equipped with all of the latest security updates – it is also important that the companies you do business with are also suitably secure.
Sadly, this hasn’t been happening. For various reasons (usually cost) a vast number of businesses have been spending time burying their heads in the sand rather than coming to terms with the fact that their systems are going to become a lot less secure once Microsoft withdraws support for Windows XP in April 2014.
Although corporate security support has been increased to July 2015, this still doesn’t give businesses who haven’t yet made the necessary upgrades an awful lot of time to purchase and roll out new hardware running Windows 7, Windows 8 or even a Linux or Mac OS X desktop instead. While you might have taken steps to upgrade, the Windows XPocalypse has wider ramifications.
Among these are the customer-facing systems running on Windows XP. Things like rail ticket machines, ATMs and self-service petrol stations all use XP, and its continued presence represents an open door to digital criminals.
ATMs: Stay Away!
There is a strong possibility that you don’t use ATMs as often as you might have done 5-10 years ago. The proliferation of “cashback” services at checkouts in stores and supermarkets means that queues have gone down and the potential for fake machines has dropped.
However, if you do still visit ATMs to withdraw your wages, you likely do so from a system running Windows XP. If you’ve ever seen one of these machines crash or reboot, you’ll know that behind the simple set of options Windows XP is hiding. Once upon a time it was providing security against intrusion from sophisticated hackers; these days, its presence is arguably as big a headache as the breaches it once helped to prevent.
ATMs running Windows XP are rife for exploitation and should be avoided.
Avoid withdrawing money from an ATM by doing so over the counter at your bank. You might consider using point of sale cashback services too.
Ticket Machines: Buy Your Tickets Online
A similar situation exists for ticket machines on platforms and at bus and tram stations. Unless these machines have been installed in the last couple of years, you can expect to find Windows XP managing the data processing.
Do you trust such a machine with your credit card data?
If you want to purchase tickets, your best bet is to buy online in advance and have them shipped to your door, or else pay for them at the machine with cash.
Don’t Pay At The Pump
Again, petrol pumps at your local gas station may well be equipped to take payment, and if this is the case then your credit or debit card is at risk from the presence of Windows XP.
Such payment points are already a security risk, with scammers around the globe fitting their own card readers in order to skim credit card data.
A rule of thumb should be to avoid these at all costs. If you can’t, it is worth being prepared by setting up a pre-payment credit card with a low balance to be used specifically for paying for gas. Otherwise, pay the attendant.
Windows XP & Medical Records
A more difficult problem to circumvent is the way in which your medical records are stored.
A typical health organization might have robust data servers running one of the more recent Windows Server releases or a Linux server OS. Patient data will be stored in a SQL database, with information backed up daily and stored offsite.
The weak point is with the clinicians and secretaries, where there is a strong chance that at least some computers will be running Windows XP. These leave a health organization wide open to attack.
So what can you do about it?
First and foremost, you should ask your hospital and local doctor (or preferably the manager of the practice) the following questions:
- Do you still use Windows XP?
- What plans does your organization have when Microsoft drops support in April 2014?
- Are you aware that patient data will be at greater risk after this point?
Sadly, there isn’t a workaround for this. Like other businesses, your healthcare team will need to take the correct, responsible steps to ensure the safety of patient data. Should a breach occur and your data is involved, then there may be legal avenues to pursue.
Windows XP: The New Millennium Bug?
15 years ago, the IT world worked itself into a frenzy as it fought to combat the effects of the so-called Millennium Bug (aka Y2K problem) – an issue with the way computers calculate the date that was set to cause chaos come January 1st 2000 (or 1900, if the bug had its way). Although there was plenty of time to prepare for this, many businesses waited until the last few months to apply a fix.
Fast-forward to 2014 and the situation is recognisable, if not identical. Home users are largely protected (there are methods you can employ to “bulletproof” Windows XP) but businesses seem to have ignored the many warnings issued by Microsoft about Windows XP going end-of-life and the implications of this. The push to get domestic users onto Windows 7 and Windows 8 has been slow, but it would seem that even if you upgraded tomorrow, your bank, local government authority and hospital would still be running XP, with the impending security failings this will bring.
As such, you need to be careful where and how you use credit and debit card. As a rule of thumb, if you’re attempting to use the card at an exposed location, you should already be cautious of the risks. With unsecured Windows XP installations now providing an added threat, automated payment solutions should be avoided.