Courtesy of Cindy Bates – Vice President, Microsoft U.S. SMB group
Premera — a major health insurer based in Washington State, has been in the news this month — but not because of a major advancement in healthcare or a customer milestone. Instead, the brand is under scrutiny as a result of a cyberattack that may have exposed the personal information, including the medical records and social security numbers, of more than 11 million people.
Unfortunately, these types of attacks are becoming news-making headlines for businesses of all sizes. For the majority, a cyberattack is the beginning of the end. Sixty percent of businesses who fall prey are forced to shutter their doors within six months, according to a recent study cited by the U.S. House Small Business Subcommittee on Health and Technology.
SMB owners must realize that with each transaction or piece of information shared, customers are also providing a measure of trust. By using outdated technology that leaves information vulnerable to cybercriminals, you’re risking not only the data, you’re risking your business.
During a technology audit prior to the Premera breach, federal officials conducted vulnerability scans and found that the company failed to implement critical patches and other software updates in a timely manner. Auditors also found that several servers contained software applications so old that they were no longer supported by the vendor.
“Failure to promptly install important updates increases the risk that vulnerabilities will not be remediated and sensitive data could be breached,” the auditors wrote, without knowing they were foreshadowing one of the largest cyberattacks of 2015.
Incidents like this, combined with the upcoming Windows Server 2003 End of Support, make now an opportune time to reevaluate your technology to ensure the security of your customer data and the safety of your business. In fact, the US Department of Homeland Security issued a cybersecurity alert because no patches will be available for critical security vulnerabilities discovered after public support for Windows Server 2003 ends on July 14, 2015. Gartner also sounded the alarm over potential security risks after end of support.
For SMBs less familiar with technology, the first step is to determine whether or not you have a server. If you have a business email address that’s not associated with a service such as Hotmail or Yahoo, or if you host a small website, it’s likely you have a server. Contact the IT person or partner who helped set up your hardware to determine whether or not your business is utilizing Windows Server 2003. If so, you can find important next steps here.
It can take up to 90 days for a small or midsize company to migrate, so the best time to get started is now. Waiting until the last minute just puts your business at more risk and waiting until after the final patch is like sending an open invitation to cybercriminals.
Many SMBs, such as Karen M. Hazleton, CPA have already upgraded to newer versions of Windows Server or Microsoft Azure. These businesses are seeing real benefits, including improved performance, higher reliability, and increased flexibility in responding to customer needs. Read Karen’s story here.
Don’t wait until it’s too late. After the breach, Premera is now obligated to offer two years of free credit monitoring and identity protection services to those affected, but that will only go so far. Once you lose a customer’s trust, there is very little you can do to get it back.