Business App Upgrades You Might Want to Add to Your 2020 IT Budget

Microsoft will no longer support many business apps in 2020 because they are reaching the end of their lifecycles. Find out which popular programs are reaching this point so you can plan any needed upgrades and adjust your 2020 IT budget accordingly.

Running into unanticipated expenses can blow a business’s IT budget. For this reason, it helps to know about business apps that are reaching the end of their lifecycles. When apps reach this point, the software developers typically stop providing security updates. Running programs that do not receive security updates puts companies at greater risk of cyberattacks.

Three popular Microsoft business apps — Office 2010, Windows 7, and Windows Server 2008 — are reaching the end of their lifecycles in 2020. Many other business apps are also facing the same fate. If your company is running any of these apps, it is a good idea to find out the upgrade options, select the best one for your situation, and adjust your 2020 budget accordingly.

Office 2010

After October 13, 2020, Microsoft will no longer support Office 2010 apps, no matter whether they were procured as part of an Office suite (e.g., Office 2010 Professional) or purchased individually. This means that popular business apps such as Outlook 2010, Word 2010, Excel 2010, and PowerPoint 2010 as well as lesser used apps like Access 2010, Publisher 2010, and OneNote 2010 will no longer receive security updates.

If you decide to upgrade, you have several options, with the main ones being:

  • Subscribe to Office 365. When you subscribe to Office 365, you pay a monthly or yearly subscription fee for each person using the cloud service. Microsoft has many business subscription plans that offer different combinations of Office apps, services, and storage options. With most of the plans, each licensed user can install the Office apps on five desktop computers (Windows or Mac), five tablets, and five smartphones.
  • Purchase the Office 2019 suite or standalone apps. With this option, you make a one-time purchase of Office 2019, which is on-premises software and not a cloud service. Five versions of the Office 2019 suite are licensed for business use: three versions for companies with five or more users and two versions for organizations with fewer than five users. Each licensed user can install the Office apps on only one computer. You can also make a one-time purchase of standalone Office 2019 apps (e.g., Outlook 2019, Word 2019) for use on one computer.
  • Subscribe to Microsoft 365. In Microsoft 365, Office 365 is bundled with other cloud-based services that enable companies to automate business processes as well as secure and manage Windows 10 desktops. The specific services depend on the subscription plan chosen. For example, Microsoft 365 Business is tailored for businesses with 300 or fewer employees, whereas Microsoft 365 Enterprise is designed for larger companies.

Windows 7

All support for Windows 7 ends on January 14, 2020. Besides eliminating free security updates for this operating system, Microsoft will no longer provide them for Internet Explorer web browsers running on Windows 7 machines. That’s because Internet Explorer is considered an operating system component, so the browser follows the lifecycle of the operating system in which it is installed.

Assuming you do not want to switch to a different vendor’s operating system (e.g., Apple macOS), your options include:

  • Upgrade to Windows 10. To entice Windows 7 users to switch to Windows 10, Microsoft initially offered free upgrades. However, that promotion ended long ago (July 2016), so you now need to purchase Windows 10. If you subscribe to Microsoft 365 Business and your computers are running Windows 7 Professional, though, you can upgrade at no additional cost.
  • Purchase Extended Security Updates. Microsoft is offering Extended Security Updates for Windows 7 (which will include updates for Internet Explorer) through January 2023. On October 1, 2019, Microsoft announced that these updates will be available to any business of any size. Previously, it was planning to make these updates available to only Windows 7 Professional and Windows 7 Enterprise customers with volume licensing agreements.
  • Use Windows Virtual Desktop. This desktop and app virtualization service runs in the Microsoft Azure cloud. Companies can use it to virtualize Windows 7 desktops. Companies doing so will be provided with free Extended Security Updates through January 2023.

Windows Server 2008

Companies rely on servers to perform crucial duties — referred to as roles — such as authenticating users, hosting applications, issuing public-key certificates, and storing files. Because servers carry out these roles, they need to be well secured — and not having security updates would make protecting them a difficult task. For this reason, you need to take action soon if your business is using Windows Server 2008 or Windows Server 2008 Release 2 (R2). On January 14, 2020, these server operating systems will reach the end of their lifecycles, which means they will no longer receive free security updates.

Microsoft recommends taking one of the following upgrade paths if your servers are running Windows Server 2008 or Windows Server 2008 R2:

  • Upgrade to a newer Windows Server version. If you want to keep your servers on-premises, you can upgrade to Windows Server 2019 or Windows Server 2016. However, you cannot directly migrate to one of these newer versions. Instead, you need perform several upgrades (e.g., first migrate from Windows Server 2008 to Windows Server 2012 R2, then upgrade to Windows Server 2016, and finally move to Windows Server 2019).
  • Purchase Extended Security Updates. Because of the complexity involved, upgrading to a newer version of Windows Server by January 14, 2020, might not be a viable option. To give you more time, Microsoft is offering Extended Security Updates through January 2023. These updates will be available for the Standard, Enterprise, or Datacenter editions of Windows Server 2008 and Windows Server 2008 R2.
  • Permanently migrate to Microsoft Azure. You can permanently move your Window Server roles to Microsoft Azure, which is Microsoft’s public cloud computing platform.
  • Temporarily rehost workloads in Azure. You can temporarily move your Windows Server 2008 or Windows Server 2008 R2 operations to virtual machines in Azure until you are ready to either upgrade your on-premises version or migrate permanently to Azure. If you decide to temporarily rehost the workloads in Azure, you will get three years of Extended Security Updates at no additional charge.

The End Is Near for Many More Business Apps

Office 2010, Windows 7, and Windows Server 2008 are not the only business apps reaching the end of their lifecycles. Many other programs share the same fate. Table 1 lists some of the more notable ones.

We can assess your IT environment to see whether it is running any of the apps that will no longer be supported in 2020 as well as help you decide on the best upgrade option. Making plans now will ensure a smooth migration and help you keep on-budget in 2020.

Table 1: Some of the Business Apps That Microsoft Will No Longer Support in 2020

Business App End-of-Support Date
Exchange Server 2010 January 14, 2020
FAST Search Server 2010 October 13, 2020
Forefront Unified Access Gateway 2010 April 14, 2020
Hyper-V Server 2008 January 14, 2020
Hyper-V Server 2008 R2 January 14, 2020
Office 2010 October 13, 2020
Project 2010 October 13, 2020
Search Server 2010 October 13, 2020
SharePoint Server 2010 October 13, 2020
System Center Service Manager 2010 September 8, 2020
Visio 2010 October 13, 2020
Windows 7 January 14, 2020
Windows MultiPoint Server 2010 July 14, 2020
Windows Server 2008 January 14, 2020
Windows Server 2008 R2 January 14, 2020

The App Store flickr photo by Glen Bledsoe shared under a Creative Commons (BY) license

Gift Card Payouts: A New Trend in Business Email Scams

Cybercriminals are increasingly conning companies into sending gift-card numbers and PINs. Learn about this new trend in business email compromise (BEC) scams and what you can do to defend your business.

Cybercriminals have been using business email compromise (BEC) scams for years because they are profitable. Between June 2016 and July 2019, for example, they used BEC attacks to steal more than $26 billion from companies, according to a September 2019 report.

In a BEC scam, cybercriminals pose as executives and other business professionals to con companies out of money. They typically use spear phishing emails, social engineering techniques, and other tools to carry out their attacks. Until recently, cybercriminals mainly tried to get businesses to send money via wire transfer. But that is no longer the case. Researchers at Agari found that 65% of the BEC scammers now try to get businesses to send gift-card account numbers and PINs.

The payouts from gift-card scams ($1,562 on average) are significantly less than payouts from wire-transfer cons ($64,717 on average), according to the Anti-Phishing Working Group’s “Phishing Activity Trends Report, 2nd Quarter 2019“. However, gift cards are easy to launder and hard to trace, making them the most popular payout method.

How Gift-Card BEC Scams Work

Here is how gift-card BEC scams typically work: Posing as a person of authority (e.g., an executive) at the targeted company, the cybercriminals craft a polished email that is specific to the business being victimized. The recipient will be an employee who is authorized to purchase gift cards on the company’s behalf.

In the email, the scammers will spin a tale of why they need the employee to purchase gift cards for them. Cybercriminals study their victims, so the reason will make sense to the employee. For example, if the company has an “Employee of the Month” award program, the scammers might say that the gift cards will be used to reward upcoming winners. Or, if it is December, they might say they want to give the company’s top clients or suppliers a holiday gift.

The cybercriminals will also tell the employee to send them the gift-card information — including the gift card account numbers and PINs — for their records once the cards are purchased. The most common gift cards requested by BEC scammers are Google Play, Steam Wallet, and Amazon, according to the “Phishing Activity Trends Report, 2nd Quarter 2019”.

The scammers will then send the email using a spoofed email address or hijacked email account to make the email seem legitimate. If the employee buys the gift cards and sends the card information to the scammers, they will immediately cash out the value of the cards.

How to Defend Your Business

To avoid becoming a victim of this type of BEC scam, you should:

  • Educate employees at all levels about BEC emails in general and gift-card BEC scams in particular.
  • Tell employees to be wary of an email request to buy multiple gift cards or a gift card with an unusually high amount, even if the reason for the request seems legitimate.
  • Educate employees at all levels about how to spot spear phishing emails, including how to check emails for spoofed addresses in the “From” field.
  • Be careful about what you post on your business’s website. Cybercriminals can use some types of information (e.g., employee job descriptions, email addresses) to determine who to impersonate and who to send the gift-card BEC email to.

If you would like to learn more ways to protect your company against BEC scams and other types of cyberattacks, contact us.

Money unfolding flickr photo by cafecredit shared under a Creative Commons (BY) license