Written by Zack Calloway

Microsoft Windows Remains the Biggest Cyberattack Target

Windows is the prime target for cyber criminals

If your business is like most, you rely on Microsoft Windows to get work done. Unless you’re a 100% Mac workplace (or Linux, we suppose), someone, somewhere in your organization is using a PC running Windows.

That’s not exactly surprising news, and neither is this: because Windows is ubiquitous throughout the business world, it’s a prime target for cyber criminals and cyberattacks.

The important question is what this means for your business, and what you should do about it.

Should you throw out all your PCs and switch your entire company to Mac? Probably not. But you need to be aware of the threats and take the necessary steps to stay protected.

Good News: Most Attacks Fail

We’ll start with some good news: while something like 95 percent of all cyberattacks target Windows itself or applications running in Windows, most of them fail.

That’s because, at least in part, Microsoft didn’t achieve this kind of success by failing to protect its users. The company does a pretty good job keeping its OS secure and blocking attacks as soon as they’re discovered.

Bad News: Successful Attacks Cause Damage

Still, those attacks that make it through? They can do serious damage.

  • You could lose access to vital business data or systems through a ransomware attack.
  • Malware and other techniques can be used to steal data or skim credentials.
  • Your operations could grind to a halt while you deal with the effects of a denial-of-service attack.

And those are just three of the many possibilities out there.

So what should you do to keep your organization safe — without completely reinventing your business to somehow work without Windows?

We’ve got a few strategies to share that should lower your risk.

1. Keep Hardware and Software Up to Date

By far the most important thing you can do to stay safe from cyberattacks targeting Windows is keeping your hardware and software up to date.

We mean the little security updates you’ve probably seen pop up in your system tray. Or sometimes an application (like Word or Outlook or the ones that are unique to your line of business) will give you a little notification saying it needs to update itself.

We’ve all done it: it’s easy to snooze these things. We don’t want our PCs to get locked up for half an hour installing updates, after all!

But these updates are vital. They are how the companies that make operating systems and software fix vulnerabilities as they are discovered.

Install them right away, and you’re very well protected. But if you wait, here’s the thing: once these updates hit, the bad guys can usually tell exactly what weakness was patched. All those systems out there that haven’t installed the update? They’re even more vulnerable now.

2. Use Endpoint Management

If the first step sounds overwhelming, we understand. How do you keep every single employee and device up to date all the time? That’s a lot of manual work and checking to make sure people did what they were supposed to.

Endpoint management is a better solution. This method gives your IT department (or your IT provider) control over when those updates get pushed out, rather than leaving it up to every employee.

Endpoint management isn’t all that complicated to run, but setting it up can be a bit technical. Your IT service provider can help with this — and if you don’t have one, we’re happy to provide this service to your business.

3. Have a Plan

Last, you should have a plan in place that assumes that eventually, someday, you’ll face a cyberattack. Having a resilience plan and recovery strategy in place helps you get back on your feet and minimize the damage.

This kind of planning takes strategic vision AND significant tech skills. Could you use a partner who’s helped craft these plans for numerous businesses in our area? Our team is ready to help. Reach out now to get started!
