In three weeks' time, official technical support for Microsoft Windows XP and Microsoft Office 2003 will end. This means Microsoft will stop sending out updates to fix security flaws affecting either piece of software. Any organisation which uses the Windows XP operating system or Microsoft Office 2003 should be taking steps to ensure that their IT systems will remain secure after the updates stop on 8 April 2014.
The £200,000 fine received by a UK charity earlier this month after a security flaw allowed a hacker access to their systems gives a timely reminder of the need to ensure all software is secure and up to date.
To help avoid similar breaches, organisations should ensure that their systems are fully supported moving forwards. ICO guidance also suggests the following steps to minimise IT security risks:
- Install a firewall and virus-checking software on computers.
- Ensure that your operating system is set up to receive automatic updates.
- Download the latest patches or security updates when available, which should cover vulnerabilities.
- Only allow staff access to the information they need to do their job and don’t let them share passwords.
- Change passwords regularly, including for administrative staff.
- Encrypt any personal information held electronically that would cause damage or distress if it were lost or stolen.
- Take regular back-ups of information on your computer system and keep in a separate place so that if you lose your computers, you don’t lose the information.
- Securely remove all personal information before disposing of old computers (by using technology or destroying the hard disk).
- Consider installing an anti-spyware tool.
- Implement regular briefings for staff on data protection and security.