ICO warns businesses of Windows XP deadline

Organisations need to put measures in place to protect data or risk huge fines, the ICO says

Data breach

The ICO has warned businesses that still use Windows XP they must take responsibility to protect data as support for the aging operating system ends on 8 April.

PCs running Microsoft's Windows XP and Microsoft Office 2003 will continue to operate, but will no longer be updated to fix security flaws when Microsoft ends support for the products next Tuesday.

The ICO has said the systems, and the personal data stored within it, could potentially be vulnerable, and therefore it is the duty of IT managers to ensure that measures are in place to keep data safe.

Importantly, if an organisation fails to spot problems with its software that led to a serious breach of the Data Protection Act, they could incur huge fines. One organisation, the British Pregnancy and Advisory Service, was hit with a six-figure fine on the 10 March after the names, contact details and addresses of 10,000 people were leaked because holes in its IT systems.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Microsoft's XP operating system is still being used by millions, despite the imminent discontinuation of support, which has been planned for six years. Almost 28 per cent of desktop users are still using XP, according to data site netmarketshare.com.

This week, the UK Government managed to secure an extra 12 months of support from Microsoft to accommodate the public sector organisations still running XP at the cost of 5.548m.

The data protection watchdog, which upholds information rights in the public interest, said problems will get worse over time as more vulnerabilities are gradually discovered, leading to more "opportunities for an attacker to exploit and potentially gain unauthorised access to systems".

The ICO's technology group manager Dr Simon Rice noted that it is important to remember organisations regularly end support for their older products.

"As a responsible data controller, it is your organisation's responsibility to make sure you have the measures in place to keep people's details safe," he said.

"Anyone using either of these two products must consider their options and ensure that personal data is not unduly placed at risk. Failure to do so will leave your organisation's network increasingly vulnerable over time and increases the risk of a serious data breach that your actions could have prevented."

Advertisement - Article continues below

Rice offered some advice for businesses to help protect their systems as the switch-off date nears.

For small businesses, he said, checking for updates that need to be regularly applied to desktop and laptop operating systems should be relatively simple.

For more complex work environments, tests may need to be done to ensure the updates are compatible with the existing infrastructure. And where businesses cannot apply an update, they may need to put additional measures in place to "mitigate the risk".

Although the ICO did not explicitly recommend upgrading to new systems, vendors, including Microsoft, Toshiba and Lenovo, have been offering cut-price packages to entice businesses to upgrade their IT infrastructures.

Featured Resources

Report: The State of Software Security

This annual report explores important trends in software security

Download now

A fast guide to finding your cloud solution

One size doesn't fit all in the cloud, so how do you find the best option for your business?

Download now

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Small & Medium Business Trends Report

Insights from 2,000+ business owners and leaders worldwide

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/information-commissioner/31751/what-is-the-information-commissioner-s-office-ico
Information Commissioner

What is the Information Commissioner’s Office (ICO)?

5 Sep 2019
Visit/data-protection/33450/bounty-fined-by-ico-for-unlawfully-sharing-member-data
data protection

Bounty fined by ICO for unlawfully sharing member data

15 Apr 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/hardware/354723/coronavirus-starts-to-take-its-toll-on-the-tech-industry
Hardware

Coronavirus starts to take its toll on the tech industry

6 Feb 2020
Visit/operating-systems/microsoft-windows/354739/windows-7-bug-blocks-users-from-shutting-down-their-pcs
Microsoft Windows

Windows 7 bug blocks users from shutting down their PCs

10 Feb 2020
Visit/in-depth/354726/sonos-speakers-are-environmentally-unsound
In-depth

Sonos speakers are environmentally unsound

9 Feb 2020