4 Reasons Why You Should Not Upgrade to Windows 10
Beits Livneh
We’ve tested Windows 10, like millions of others, and we think it can be a great platform if you are a small business and you do not plan on keeping sensitive customer data on it such as credit card information. For industries such as law, healthcare, and financial services it’s a different story.
Windows 10 has a few settings that, by default, cause the operating system to fall short of meeting compliance requirements in the industries mentioned above. Furthermore, based on everything we’ve read so far on the technical side, we believe that it may also not be HIPAA, PCI or FCC compliant.
So if you are concerned about keeping customer data safe and secure, Windows 10 is not the operating system you want to be running for the time being and definitely not without the consultation of a professional.
AREAS OF CONCERN
Here are a few of the areas that give us and should give you concern when deciding whether your organization should upgrade to Windows 10:
Spying on us & gathering data
Cortana is a virtual assistant and Microsoft’s answer to Siri. The goal of these programs is to help you by personalizing your experience as much as possible. In order to do this, they need to collect & analyze lots of data.
So they gather data from your speech patterns to your calendar, email, text messages, phone calls & logs, contacts (including how much you interact with specific people) and device location to name a few big areas.
Another item to note is that they will gather this information from all your devices running Windows 10, such as your PC, tablet, smartphone, etc. So, why should you be concerned?
Many of us in the business world carry sensitive client information on our devices. This data could be found in our emails or calendar appointments and if you are in an industry such as law or healthcare or financial services, there are regulations on how you treat this data.
Potential Back Door Access to Your Network
Microsoft states that it will “collect information from you and your devices” which includes, for example, user data for apps that run on your Windows 10 devices or data about the networks you connect to.
So if you save your company’s Wi-Fi log-in key, which many of us do, then they (Microsoft, hackers, take your pick) can potentially have access to your network, thus posing a potential network security risk.
With this type of potential access — a treasure trove for hackers — it may only be a matter of time before cybercriminals break in and capture your network information.
Tracking Your Every Move
Each Windows 10 device has a unique advertising ID. This ID is used for tracking and feedback for Microsoft’s marketing people. This feature could be turned off but by default it is turned on.
If left on, it can track every single device that is running Windows 10 and therefore it could track you.
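An added example, not part of the original article: a PowerShell check of the advertising ID setting described above. It assumes the standard Windows 10 registry locations for the per-user toggle and for the "Turn off the advertising ID" policy; the function names are hypothetical.

```powershell
# Added example, not from the original article.
# Assumed registry locations for the advertising ID setting on Windows 10.
$UserKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo'
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo'

function Get-AdvertisingIdState {
    # Per-user toggle: Enabled = 1 (on) or 0 (off).
    $user = Get-ItemProperty -Path $UserKey -Name Enabled -ErrorAction SilentlyContinue
    # Machine policy: DisabledByGroupPolicy = 1 turns the ID off for every user.
    $policy = Get-ItemProperty -Path $PolicyKey -Name DisabledByGroupPolicy -ErrorAction SilentlyContinue

    $disabledByPolicy = ($null -ne $policy) -and ($policy.DisabledByGroupPolicy -eq 1)
    # A missing per-user value is reported as "on", matching the article's
    # statement that the feature is turned on by default.
    $userEnabled = if ($null -eq $user) { $true } else { $user.Enabled -ne 0 }

    [pscustomobject]@{
        UserSettingPresent = ($null -ne $user)
        UserEnabled        = $userEnabled
        DisabledByPolicy   = $disabledByPolicy
        EffectivelyOn      = $userEnabled -and (-not $disabledByPolicy)
    }
}

function Disable-AdvertisingIdForCurrentUser {
    # Turns the per-user toggle off; creates the key if it does not exist yet.
    if (-not (Test-Path $UserKey)) {
        New-Item -Path $UserKey -Force | Out-Null
    }
    Set-ItemProperty -Path $UserKey -Name Enabled -Value 0 -Type DWord
}

$state = Get-AdvertisingIdState
$state | Format-List
if ($state.EffectivelyOn) {
    Write-Warning 'Advertising ID is on for this user. Run Disable-AdvertisingIdForCurrentUser or set the machine policy.'
}
```

The per-user change only affects the account that runs it; the policy value is the one to set centrally when every account on a machine must have the ID turned off.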
Giving Hackers the Keys to the Kingdom
Here’s something that should be a good thing but at the moment is a huge security risk. Microsoft has an option in Windows 10 that uses BitLocker to encrypt your hard drive, which, as suggested above, is a good feature, at least conceptually.
Where this feature becomes potentially dangerous for business users is that the encryption key is “backed up” on Microsoft’s Cloud storage service called OneDrive. So if a hacker gained access to your OneDrive account, they essentially can have access to all the information on your hard drive. Not good.
Disclosure & Use of Your Data
This one is potentially the worst of all areas of concern.
One of the biggest questions we get when we teach continuing education classes to lawyers at the State Bar of Arizona is “how do we choose a cloud provider?” One of the answers, besides security, is that you want to see how the Cloud provider handles your data. For instance, how will the provider save, secure, or use your data, and in what circumstance will they provide the data to a 3rd party such as the government?
Microsoft states the following in their privacy statement:
“We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services.”
This makes it pretty straightforward that their so-called “good faith” is what is going to determine whether or not they are going to access, disclose, or preserve your personal data. This sounds too loose for our standards and should really give pause, especially for industries concerned about compliance.
SHOULD YOU UPGRADE OR NOT
As mentioned above, if you are a small business not planning on saving critical customer data on Windows 10, then this operating system is a pretty good improvement over some of their more recent upgrades.
However, at the moment we are unable to give our clients in healthcare, financial services, and especially law a blanket “OK” to upgrade.
WHAT SHOULD YOU DO?
Before upgrading, contact us for a free “Professional Compatibility Assessment”. We’ll talk with you about the upgrade in your environment.
We’ll let you know what defaults could be turned on or off and how to navigate around some of the privacy, security, and compliance issues stated in this article.
Contact us via email at firstname.lastname@example.org or call us at 480-614-4227.