Still running Windows 7? Cyber-criminals are on your trail

Posted by Tim Smith, technical director at Legal Futures Associate Insight Legal

Smith: The days of ‘getting by’ are almost at an end

One of the weaknesses of the partnership model as a business structure is that it is less open to public scrutiny than businesses with external investors. Law firms may employ experts in the areas of IT, finance, marketing and HR, but they don’t always have to take their advice.

The advent of non-lawyer partners has gone some way to aiding parity within a leadership team, but the collective will of fee-earners is likely to win out on key strategic decisions.

There are still too many instances of firms choosing to defer capital investment decisions ‘for another year’ in order to deliver short-term profitability. Eventually this deferred decision-making catches up with firms, and so it is with IT, specifically Microsoft Windows 7.

There will be many firms which for years have had the same practice management/case management system that everyone in the firm is familiar with. We hear stories about idiosyncrasies and bugs in the software, but the users all know work-arounds and reports are still produced on time for the executive team.

For firms whose legal software has not been developed beyond Windows 7, the days of ‘getting by’ are almost at an end.

It’s been well-trailed – the end of Windows 7 is nigh

When Microsoft launched Windows 7 in October 2009, it promised to support its new operating system for 10 years. In the middle of this year, Microsoft announced its end-of-life plans for Windows 7. Support will end on 14 January 2020. The company has been true to its word and, since the announcement, much has been written on the subject.

IT publisher Computerworld estimates that, when the end-of-life date arrives, one in four PCs will still be running Windows 7. This figure will be higher in industries slower to embrace IT developments, and legal is likely to be among those.

While PCs running Windows 7 will not stop working after 14 January, the risks to security and compliance of keeping these machines within the network are significantly increased. Microsoft will cease to issue product updates and security patches for Windows 7. These computers are more likely to be susceptible to malware attacks and other cyber-criminality that could be disruptive to the day-to-day operation of a law firm.

There are some short-term transitory measures available for limited ongoing protection for a period beyond 14 January, but these are nothing more than a sticking plaster. Any law firms tempted to take a chance would do well to remember the 2017 WannaCry cyber-attack.

Lessons from recent history – the NHS

The WannaCry ransomware attack of 2017 led to the cancellation of 19,000 GP appointments and cost the NHS an estimated £92m. A report into the attack showed that 42 separate NHS trusts were running Windows XP on tens of thousands of machines, despite support for the operating system ceasing in 2014. The parallels with Windows 7 end-of-life and support are clear: the failure to replace redundant IT leaves any business at risk.

WannaCry affected thousands of computers across the world and was not just restricted to the NHS. Although it was not directly aimed at the NHS, the attack highlighted serious vulnerabilities. It will be interesting to see what lessons have been learnt in the health service in the months and years after 14 January 2020.

What should law firms still using Windows 7 do?

The time for burying one’s head in the sand is over. The good news is that there is a way forward and, with digital transformation, the investment needed to make it happen is likely to be just a fraction of what it was the last time.

Data security is one of the key elements to remaining a successful legal practice as we enter a new decade. There will be firms that cease to exist because they have not kept their IT up to date and have then fallen victim to an attack.

In the first instance, ask your existing supplier what, if any, impact the end of Windows 7 support will have on the systems in your firm. If there is no upgrade path to Windows 10 that is open to you with your current provider, you may conclude that the best way to mitigate the potential risk is to find a replacement system.

The exercise of replacing a practice and case management system takes around three to six months. In choosing a replacement system, you will need to consider how data in the present system will move (migrate) into the new one. We would recommend only shortlisting suppliers with a good track record of migrating from the system you already use.

A credible software supplier will be able to partner with you and advise on a new solution and the right implementation strategy. This could be a completely cloud-based system, an on-premises one or a combination of both.

