3 Things to Understand About Legacy Hardware Systems to Protect Your Data

December 7, 2017

For whatever reason, there are plenty of brands and organizations that stick with legacy and out-of-date systems for their hardware and network.

Maybe they don’t have the budget to upgrade equipment and software. Maybe they don’t have the necessary resources because their internal IT team is too small to handle a widespread upgrade. Or, maybe the decision-makers just prefer saving money or using old systems.

What many don’t realize is that legacy systems – hardware and software – can double the risk of a data breach.

More than 8,500 organizations have over 50 percent of their computers running an out-of-date version of an internet browser, doubling their risk of attack.

Let’s take a brief look at an OS (operating system), for example. Windows, one popular OS, receives many official updates, from bug and security patches to new features.

Many of these updates, however, are released specifically to patch up or seal vulnerabilities in the platform. This means each update you — or your employer — ignores, you are compounding the risk of a data breach or cyber attack. That’s why Windows is designed to receive updates automatically and why it is always recommended to upgrade to the newest version(s) as soon as possible.

When a vendor no longer supports a system, you absolutely need to move on. The platform in question will no longer receive updates to fix bugs, no matter what’s discovered. If hackers find a gaping hole in the system, it will never be fixed. Of all apps tested in 2013, a whopping 96 percent had serious security vulnerabilities.

Knowing this, what are some important things to consider when sticking with legacy hardware and software systems? What are some things you can do to at least protect your data in the interim, until you can properly upgrade?

1. Always Update

Updates often do arrive at inconvenient times, and it’s tempting to delay them. However, you shouldn’t do this regularly. Upgrade as soon as humanly possible, and refrain from using the system until it’s done. If you find it difficult to find time, hash out a schedule. You can schedule systems to auto-download at a specific date and time. Have the updates install over the weekend, for instance, when no one is at the office.

The problem is that you need to prioritize all systems and hardware this way. It can get extremely overwhelming when you need to constantly upgrade hardware and software as often as it needs to be done. Unfortunately, there’s no way around this. The longer your systems or platforms go without being up-to-date, the more vulnerable they can be.

This applies not just to software, but also to hardware, too. For example, using the right kind of router can lower the risk of an attack. Edge routers are one option that are specifically designed to provide high-level security for your network while also ensuring that you can deliver quality services.

2. Enable Encryption

Encryption is not perfect, but enabling it is much better than not. You can locally encrypt data stored on a hard drive or remote server. You can also encrypt entire connections using SSL, so sensitive data being transferred is at least semi-protected.

Encryption is quite easy to understand. You lock your data behind a door, essentially, and seal it using a key. The only way to unlock that door – or decrypt the data for viewing – is to use the appropriate key. Otherwise, the door remains closed, and the data behind the door remains scrambled.

The actual technology and process is more complicated, but you get the gist. If and when you have the opportunity to rely on encryption, do so.

3. Monitor Your Network

All systems, devices and software tap into your local network. There are tools and resources to monitor who and what is using bandwidth. By actively monitoring this, you can lock out mysterious third-parties and prevent them from wreaking havoc.

A firewall works similarly. It is designed to block specific applications and network ports to prevent unauthorized connections. A notification usually comes in, and you have the option to allow or block that particular app, connection or hardware. A monitoring system for a local network would be nearly identical, allowing security professionals to authorize or deny various parties.

Since authorized parties can become vulnerable sometimes, this will also allow the security team to take action before further damage is caused by a trusted, yet infected system.

The bottom line is this: Keeping legacy hardware around isn’t worth the risk.

Kayla Matthews is an IT writer and reporter. Her work has appeared on ITProPortal, Motherboard, CloudTweaks and MakeUseOf. To read more articles by Matthews, check out her personal tech blog at produtivitybytes.com.

You must login or register in order to post a comment.

A critical event is defined as an incident that disrupts normal operations, such as severe weather, crime, violence and critical equipment or technology failures. Business continuity and crisis response plans can only go so far if there isn't buy-in across functions, with executive-level support.

In this webinar, security expert Pieter Danhieux explores how CISOs and CIOs can inspire real change, fostering a positive security culture that enables their development teams to become more security-aware, more aligned with internal AppSec specialists and, ultimately, securing code as it is written.