Top 4 ways small businesses can protect themselves against the end of Windows XP

As the End of Life (EOL) for Windows XP edges closer, almost a third of the world's machines are still running on the outdated operating system. For small businesses this means that after the official EOL, on April 8 2014, many will be at risk of major security breaches.

Microsoft will not only discontinue technical support but also security patches, leading to a significant increase in security risk when vulnerabilities are made public but patches are no longer provided.

Migrating to alternative OS's such as Windows 7 and 8 is costly and time consuming. With limited budgets and IT expertise, many small businesses have found it challenging to manage a platform upgrade of this size.

Many of these businesses have yet to grasp the risk they'll be exposing their business to if they haven't taken additional security measures or migrated platforms, despite the cut off being just a few weeks away.

Worryingly, many SMEs may also confuse Microsoft's extension of its anti-malware support for Windows XP to mean that this OS will remain protected – when in reality these businesses will still be vulnerable to zero-day attacks and other data security breaches, unless action is taken now.

A high number of companies have a significant investment in Windows XP with business critical applications that can only run on this operating system, making the decision and process to migrate difficult.

Many retailers have yet to make the switch with a number of legacy technologies including point of sale (PoS), systems only supported by Windows XP, leaving these businesses exposed to data breaches if steps are not taken now.

Without any additional security, Windows XP is already 21 times more vulnerable to malware than Windows 8, and the security risks will only increase after April 8. It's important that the many small businesses continuing to use XP take steps to mitigate their risk:

1. Give admin rights only to those who need them

Particularly with SMEs, admin rights are often given to all staff by default. Businesses can substantially mitigate potential security issues by normalising user privileges according to roles and responsibilities and only giving admin rights to those who need them.

2. Protect against zero-day attacks

SMEs should ensure they have storage and buffer overflow protection enabled to help protect against malicious exploitation. Unsupported operating systems such as XP become a greater risk to zero-day threats, which means businesses must make use of intrusion prevention systems.

3. Keep unwanted software out

To better control unauthorised software from being installed and executing on legacy systems, businesses should deploy dynamic whitelisting. This will reduce the need to constantly chase software updates and patches (including Microsoft patches and security updates), to keep up with the ever increasing tide of malicious software. Instead, if an application is not on the whitelist, it is prevented from executing, is reported and the endpoint remains safe.

4. Make real-time visibility a priority 

One of the biggest threats to businesses of all sizes is delayed discovery and remediation of attacks. Real-time visibility is critical to give companies a head-start so they can quickly identify and remediate attacks attempting to exploit XP vulnerabilities.

Now is a critical time for businesses of all sizes that haven't yet put their migration strategies in place. SMEs need to act now to ramp up their defences – or risk a malware invasion they may not recover from.

Tim Stone is SME Director for EMEA at McAfee.