Microsoft wants you to move your business to the latest Windows operating systems that offer security patches because, if you’re running a Windows Server 2003 machine, you’re doomed.
Sound advice, but many large institutions (such as those in healthcare and manufacturing) can’t upgrade because they rely on legacy software that won’t run on modern operating systems.
It costs an enormous amount to upgrade, especially when the machines are fine and it’s just the server that’s the issue.
However, all is not lost because there are some things you can do to keep your old Windows Server 2003 secure.
Network segmentation and monitoring
Network segmentation goes beyond placing vulnerable servers behind a firewall.
By restricting access to your most critical servers, and making sure only system admins can control them, you reduce how much of the network attackers can reach should they breach your firewall.
It’s not a costly exercise, and enterprise internet routers often have access control features that can limit which computers can talk to which. It’s also wise to monitor vulnerable servers (especially those carrying critical information) for any unusual traffic.
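As an added illustration that is not part of the original article, the Python below checks flow records for a segmented legacy server against an allowlist of who may talk to it, and flags anything else as unusual traffic. The addresses, ports, and log format are constructed assumptions; substitute whatever your router or firewall actually exports.

```python
import ipaddress

# Assumed policy (constructed values): the legacy server, the admin jump hosts
# allowed to manage it over RDP, and the workstations allowed to use its service.
LEGACY_SERVER = ipaddress.ip_address("10.20.0.5")
ALLOWED = [  # (source network, destination port)
    (ipaddress.ip_network("10.20.99.0/28"), 3389),  # admins -> remote desktop
    (ipaddress.ip_network("10.20.10.0/24"), 1433),  # app clients -> database
]

# Constructed flow records in the form "timestamp src dst dport proto".
SAMPLE_FLOWS = """\
2024-01-10T09:00:01 10.20.99.4 10.20.0.5 3389 tcp
2024-01-10T09:00:07 10.20.10.31 10.20.0.5 1433 tcp
2024-01-10T09:02:13 10.20.10.31 10.20.0.5 3389 tcp
2024-01-10T09:05:40 10.20.30.8 10.20.0.5 445 tcp
2024-01-10T09:06:02 10.20.0.5 203.0.113.50 443 tcp
malformed line
"""

def is_allowed(src, dport):
    """True if this source may reach the legacy server on this port."""
    return any(src in net and dport == port for net, port in ALLOWED)

def find_violations(text):
    """Return (line, reason) for every flow that breaks the segmentation policy."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            _ts, src, dst, dport, _proto = line.split()
            src = ipaddress.ip_address(src)
            dst = ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            # Never silently drop records the monitor cannot read.
            findings.append((line, "unparseable record"))
            continue
        if dst == LEGACY_SERVER and not is_allowed(src, dport):
            findings.append((line, "source not permitted on this port"))
        elif src == LEGACY_SERVER and not any(dst in net for net, _ in ALLOWED):
            findings.append((line, "server connected outside allowed networks"))
    return findings

if __name__ == "__main__":
    for line, reason in find_violations(SAMPLE_FLOWS):
        print(f"ALERT: {reason}: {line}")
```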
Whitelisting
Whitelisting works by allowing only trusted applications to run on your computer.
It’s the opposite approach to antivirus products that blacklist malicious programs based on known indicators.
Back up sensitive data
Hopefully, you’re already doing this, but backing up important data stored on your machines will help, particularly with the growing popularity of ransomware, which infects your computer and encrypts all the data on it, releasing it only once a ransom is paid.
The best option
Although these ideas will help, the best solution is still to upgrade.
Yes, it will be costly in the short term, but that investment will help the long-term security of your data and the reputation of your business.