We know that outdated and unsupported operating systems, like Microsoft XP, create security risks. Look at the number of ransomware attacks that targeted unsupported OS in just the past few months. Having regular conversations and reminders of those risks is necessary – and will continue to be necessary until users admit it is time to make a change to a newer, supported OS.
What we don’t talk about – and should – are old office productivity suites, like Microsoft’s Office. Like with new operating systems, updating new productivity suites is costly and time consuming, and hey, as long as recipients can still open and read that old version Word document you sent, what’s the problem?https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
Well, other than your inability to read a document saved to the latest version and sent to you, there are security risks involved with continuing to use old versions of office productivity suites.
According to new research from Spiceworks, 68 percent of companies are still running at least one instance of Office 2007, despite reaching its end of support date on October 10, 2017, and 46 percent of companies are still running at least one instance of Office 2003, while 15 percent are running Office XP, 21 percent are running Office 2000, and 3 percent are running Office 97. The dangers of using these outdated and unsupported productivity suites are parallel to outdated OS, as the Spiceworks blog explained:
Although they might not grab as many headlines as end-of-support OSes, Office suites that are past their prime are susceptible to danger, similar to their OS cousins. Just like any software or system in use, productivity suites need to be patched for security reasons. And once an OS no longer receives updates, it's a security liability. And over the years, there have been hundreds of vulnerabilities identified in Microsoft Office.
The good news is that 2018 budgets appear to be factoring in the need to update productivity suites. Companies are turning to cloud-based or open-source products, where security is provided through the cloud provider. Yet, even that isn’t fail-proof. A study conducted by Barracuda Networks found that the clear majority of companies are hesitant to move to cloud-based productivity suites because of the fears of ransomware. According to a CloudPro article about the study, security concerns were the top reason why organizations were avoiding cloud-based productivity suites. As the article said:
Notwithstanding these fears, over 85 percent of EMEA respondents claimed not to be using Microsoft’s Office 365 Advanced Threat Protection (ATP) – using third-party security instead. More than two fifths (43 percent) are using third-party security, archiving or backup solutions.
And as Chris Ross, senior sales VP, International, at Barracuda Networks, was quoted in the CloudPro piece:
… it was “encouraging to see is that businesses are waking up to the importance of a layered approach, which suggests a better understanding of their liabilities when it comes to cloud adoption.”
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba