Is your charity still running Windows 7? You’re facing a security and compliance risk

Microsoft is switching the lights out on Windows 7 for good, so those running it will no longer be security or GDPR compliant – we thought it was worth giving charities advance warning so they can start planning ahead.

Chloe Green | 20th Aug 19

Charities running Windows 7 won’t be GDPR compliant in six months’ time, and risk leaving their systems and information vulnerable to cyber attack.

After ten years, the Windows 7 operating system is reaching the end of its life in January 2020. As 2019 comes to a close, Microsoft will start to issue a stream of reminders to users still running the operation system to take action – consider this advanced warning if your charity still has devices running Windows 7.


> See also: Top 10 cyber security resources for charities

Why is it expiring?

Most software products have a lifecycle – a beginning and an end. Microsoft can’t keep updating and providing support for its entire backlog of products, so all of them have an expiry date. Keep those products running on your computer beyond their official end of life and you are running unsupported software – programmes that no longer recieve important updates such as technical support or security patches.

Windows 8 support ended in January 2016, and Windows 8.1 in January 2018, so anyone running those systems will already be out of date. Because Windows 7 is a more popular operating system, Microsoft kept support open for longer, but this is now coming to an end in January 2020.


What’s the risk to charities?

Any organisation running outdated software or operating systems needs to be aware of the risks. Cyber security is a continuous battle between technology vendors and the criminals exploiting them. Criminals are constantly updating their methods of attack and learning to outwit the security measures that software vendors work to put in place, and so the two technologies must out-compete each other to survive.

Inevitably, this means that older software is more vulnerable to exploitation and data theft, leaving your organisation wide open to cyber attack.

Security patches, or downloaded updates from Microsoft’s servers, are essential to fixing these vulnerabilities.

If your charity holds or processes personal data, GDPR requires you to put into place, as a legal minimum, appropriate security measures to protect that data, and this includes ensuring you have the latest security updates in place.

Under GPDR, organisations of all kinds can be fined up to 20m Euros or 4% of their annual turnover for a breach of personal data – a few have been stung with huge fines already.

> See also: Prevention is better than cure: is your charity doing enough to protect from cyber attacks?


What should charities do?

It’s simple- organisations have the choice to either continue as they are and risk being exposed to data breaches and non-compliance, bite the bullet and upgrade to Windows 10, or switch to a completely different environment such as Apple.

Like it or not, new Microsoft machines will all come with Windows 10, and this is likely to be the case for the forseeable future. This is because Microsoft has altered the way it delivers Windows by moving to a ‘Windows as a service’ model – there will be no new version numbers of Windows operating systems released every few years, but instead just regular updates to Windows 10 which are automatically downloaded from the Microsoft servers.

All new PCs and laptop devices automatically come with Windows 10. Microsoft recommends having the newest devices for the best performance, but obviously for a charitable organisation it’s not always realistic to replace their entire suite of devices. Existing devices can be upgraded with Windows 10 provided they meet the following minimum requirements:

Processor: 1GHz process or faster

Memory: 1GB of RAM for a 32-bit installation and 2GB of RAM for a 64-bit installation

Hard Disk Space: Up to 20GB of space

Graphics Card: A DirectX 9 graphics chip

Display: 1024 x 600 or above

Connectivity: Internet access


Eligible charities can access a discounted version of Windows 10 Pro or Enterprise on the Charity Digital Exchange programme, for just £14 + VAT per license.

If your devices are not running an operating system that’s eligible for an upgrade (due to being unlicensed or improperly licensed), small and medium sized charities may be able to request a license through the Get Genuine programme, also on Charity Digital Exchange. These can be bought for just £8 + VAT and allows charities to then download Windows 10 Pro.

It’s worth also keeping an eye out on the Exchange for occassional charity-specific deals on laptops and other hardware that come in from time to time, but these deals are limited and tend to go fast so charities will need to move quickly. Sign up for the newsletter here to stay in the know.