News that Microsoft will end support for Windows XP and Windows 2003 next month has some Maryland law firms working to update their technology and take other steps to protect their data, as well as their clients’.
The announcement was not unexpected.
Every 10 years or so, Microsoft works to phase out old operating systems by ending support for those programs, including upgrades that could protect against security risks. Windows XP and Windows 2003 have been supported for about 12 years.
“They will no longer be issuing security enhancements or mitigating any security risks that may still exist within the operating system,” said Keith Spraker, chief operating officer at OmegaCor Technologies, which is based in Millersville. “At this point, they would just like to see everyone move up to the newest version.”
That would be Windows 8.1, which was released in 2013, said Spraker, whose company describes itself as a “one-stop IT shop for small and medium-sized businesses.”
He said some people believe that there are hackers who know Windows XP’s vulnerabilities and are waiting until April 8 — when Microsoft will stop supporting Windows XP — to launch some kind of attack.
A representative from Microsoft did not respond to a request for comment.
At Ober | Kaler, a national law firm with an office in Baltimore, employees have been making the transition away from Windows XP since about 2011.
Now, as the April 8 deadline approaches, none of the law firm’s employees is using Windows XP. The firm does still have about 10 devices using Windows XP, but not on machines directly used by employees.
The focus now, according to Don Shifflett, the firm’s chief technology officer, and Howard Sollins, co-chair of the firm’s health law group and chair of the technology committee, is on helping employees who remotely access the server do so securely. That means restricting access for employees with XP or Windows 2003 on their home machines and helping them upgrade.
Ober | Kaler uses server-based technology, Sollins said.
He said that smaller law firms or those using free-standing computers that “talk to each other” are more likely to be running XP, which was a very good program for many years after the release of the unpopular Windows Vista.
Shifflett and his internal technology staff are tasked with overseeing the firm’s technology infrastructure. The firm also has a technology committee, which includes attorneys, paralegals, secretaries and others, who talk about how technology affects users on a day-to-day basis to ensure that being used is not only secure, but also is helpful.
“That’s how we make sure that we want to be both thoughtful and responsive to technological changes,” like the move away from Windows XP, Sollins said.
At Niles, Barton & Wilmer LLP in Baltimore, director of marketing Inna Kolomiytsev said in an email: “We have several computers that were upgraded or will be eliminated with either upgrades or replacements before the [April 8] deadline for support. … It appears this decision does not affect data security or compliance at our firm.”
Though her firm won’t be using the old operating system, she said, “Microsoft has agreed to extend XP protection to July 14, 2015, through anti-malware updates for Microsoft Security Essentials.”
For law firms looking to maintain the security of their data, Spraker said the only choice is to update to a more recent version of Windows.
“Nothing can mitigate the vulnerabilities within the operating system,” he said. “This will be an ongoing event forever as long as we’re married to Microsoft.”