Work starts here: Windows 10 support is coming to an end



Senior Analyst James McLaren outlines how the end of Windows 10 support will affect you, and how you can prepare.

One of the critical pieces of the security jigsaw is ensuring that your software is up to date. Much of this revolves around installing security patches as they’re released by the developer. However, there’s also the small matter of ensuring that the software you use is supported, so that the necessary updates are actually being developed.

This distinction is especially important if you’re one of the millions of people using Microsoft Windows 10: in 600 days’ time (on 14 October 2025) support for Microsoft Windows 10 will end.

Unlike operating systems for servers where you can buy (at a price) a two- or three-year extension, after 14 October 2025 there will be no more support and Windows 11 will be the only game in town.

We’re writing about this now, well in advance of the change, because it is likely to affect you and your organisation in key ways and you will need to take action.


Allow time to source new machines

Firstly, there are many devices that will not run Windows 11. This is because Windows 11 uses a component called a Trusted Platform Module (TPM for short), which offers a significant upgrade to security.

If your device is one of them, you will need to replace your laptop or computer: you will not be able to upgrade to Windows 11 on your current machine. Given that there have been significant supply chain issues that have slowed down tech supplies in the last few years, you’ll want to get a new machine ahead of time. (That’s certainly what I’ll be doing with my personal laptop.)


Beware OS-specific programmes

There are technologies that may be tied to Windows 10, and which you cannot run on Windows 11. The easiest course of action is to simply keep one or more machines running Windows 10 so that you can use these programmes or services.

However, it seems likely that malicious actors will start searching for vulnerabilities in these sorts of systems, especially since they know these services and machines won’t be receiving security updates.

If you rely on any of these legacy systems, you should start scheduling upgrades or looking for alternatives now.


Give staff time to learn

Thirdly, in the case of businesses, there’s a cultural and staffing issue to consider. Staff need time to learn new technologies and operating systems, which can, in many cases, lead to a short-term drop in productivity.

For some businesses, the potential for lost productivity when staff encounter something unfamiliar may be more pressing than the longer-term gains when staff have the chance to play with and master new technology in good time.


Don’t risk your CyberEssentials certification

There is also a security governance side to this issue. If you hold a CyberEssentials or CyberEssentials Plus certification (and most organisations really should), you’ll need to renew it in the future.

When you come to renew, running unsupported software will lead to an automatic “fail.”


In conclusion, while two years may seem like a long time, recent experience suggests otherwise. When GDPR came into force in May 2016 in the UK, there was a two-year grace period for businesses and organisations to understand what was needed and to take action. Despite this, many businesses did not prepare in good time, and were left scrambling to put in place new processes and systems in order to meet the deadline.

Please do not make that mistake with Windows 10. We’ll continue to post regular reminders of the incoming deadline between now and 14 October 2025.
