Businesses beware! Sticking with Microsoft XP could cost you.
It might seem odd at first to hear an attorney warning companies, employers and small businesses to upgrade their computer software. After all, I have no ties to Microsoft, which is ending its support and security upgrades for its popular but outdated operating system, Microsoft XP.
But in focusing my practice here at Scaringi Law on Employment Law and Civil Litigation, I feel a duty to warn business owners and employers about the potential legal liability that exists should they fail to upgrade.
When Microsoft ends its XP support as of April 8, the company will stop issuing upgrades, updates and security patches. And therein lies the legal problems and potential liability for businesses and employers.
By failing to upgrade to another software system, those companies and employers sticking with XP will leave themselves vulnerable to hackers - and liability.
What data do you have to protect? Plenty
Think about your potential vulnerabilities in a data security breach. What do you have to protect?
Plenty.
Employee health information, social security numbers, tax information, legal records, personnel files, client lists and information, vendor information, payroll, even your company's trade secrets, such as recipes, manufacturing instructions, and process and procedure guidelines could be left unprotected by not upgrading from XP.
I know what a hassle switching to a new system can be, especially for a smaller company without an in-house IT staff. But let me warn you right now: legal liability often looms over the actions you don't take as much as it does over the actions you do take.
Not upgrading from Windows XP is an example of failure to act. You are failing to secure your data, thus making your business liable should an information breach occur. The advance warning Microsoft has given provides little excuse for not updating from XP and could leave you liable for damages should sensitive data be compromised.
The cautionary tale of Target
Beyond this, imagine the embarrassment and reputational damage should your business' data be stolen by hackers and used in a way that hurts your clients.
We need only look at the plight of one of the biggest retailers in the country, Target, to see the kind of public relations nightmare that can be wrought by a data breach.
At the height of the Christmas shopping season, a data breach of customer debit and credit card information at Target cost the company the confidence of some of its most loyal shoppers.
By Target's own admissions, this once hyper-competitive company has yet to fully restore customer confidence and win back all those shoppers it lost in that headline-grabbing data breach.
Don't let this happen to your business.
Keep in mind that after the April 8 deadline, your Microsoft XP system will keep on working - but don't take that as a sign that there's no need to change.
Without the routine security patches and upgrades, over time vulnerabilities will develop that hackers can exploit, putting your data at risk. And remember, since Microsoft is giving everyone plenty of warning - you'll soon see notices popping up on your computer screen if you use XP - the likelihood that you and your company could be held legally liable should a breach occur is high.
A company's duty to protect data
Employers and companies in general hold lots of information they are legally required to protect. HIPAA privacy laws covering medical records are the first thing to come to my mind. Anything involving medical records of employees, including certain health and insurance records, could pose a legal problem should the data be breached.
It comes down to due diligence. Companies, businesses, employers -- they have a duty of care to protect in a way that is reasonable the information they hold. It would be utterly unreasonable to allow security to lapse on your Windows XP system.
At this point, businesses should be actively looking at upgrading. Older computers won't meet the higher system requirements of the newer software, such as Vista, Windows 7 and Windows 8, so you may need to invest in new hardware as well.
But the investment will be well worth it. Take it from me, a jury is going to be much less forgiving in a situation where there is ample warning that something like this needs addressing.
And the cost of upgrading will be much less than defending or settling a lawsuit centered on the breach of a company's computer system and the dissemination of unprotected data.