NICS Ltd.

Six months past Windows 10 end-of-support. The clock has been ticking for half a year now.

Final post in this series, and the most useful one. The 30-day plan any small Saskatchewan business can actually run.

Week 1: Walk every desk. Find every Windows 10 machine. Don't trust the old IT inventory list, use your eyes. The reception PC. The laptop in the bag. The shop computer. The kiosk.

Week 2: Sort the list into three buckets. PCs from the last 4-5 years probably qualify for free Windows 11. Older hardware needs replacement. Anything running specialized software (CAD, accounting, lab equipment) needs a compatibility check before you touch it.

Week 3: Start the upgrades. Lowest-risk machines first. The spare laptop. The reception PC. Build confidence and find the surprises before you touch the production systems.

Week 4: Replace what can't upgrade. New hardware you'd have bought soon anyway. Plan one or two days per machine of mild disruption.

Throughout the whole 30 days: actually verify your backups. Pick a random file. Try to restore it. If you can't, your backup isn't working. Most ransomware victims find this out at the worst possible moment.

What this plan fixes: the foundation every other security tool sits on top of.

What it doesn't fix on its own: phishing, weak passwords, network segmentation. There's more to security than the operating system. But every other piece works better when the OS underneath isn't a known liability.

If you'd rather just hand this to someone, that's what we do at NICS. Saskatoon office, local team, 13 years of doing exactly this. But you don't need us to follow the plan.

You just need to start. 🛠️

What's your week 1 looking like?

This is what an actual ransomware attack looks like, hour by hour.

Hour 0, Monday morning: Sarah, the accountant, gets an email about a vendor invoice. She opens the PDF in Outlook's preview pane. Nothing visible happens. The malware quietly drops a small program on her machine.

Hours 1 to 4: That program calls home and downloads more tools. It scans the network. It finds a Windows 10 machine that's missing security updates because Microsoft stopped issuing them. It breaks in. The attacker now has admin rights to the whole office.

Hours 4 to 12: They quietly walk through the network. Reading documents. Finding the QuickBooks file. The customer database. The shared drive with all the project plans. They copy interesting files to their own servers across the world. Nobody notices a thing.

Hours 12 to 20: They locate the backups. The external hard drive someone plugs in once a week. The NAS in the corner of the server room. They delete or encrypt all of it.

Hours 20 to 24: They press the button. Every file on every Windows machine gets locked.

Hour 24, Tuesday morning: The owner walks in. Nothing works. The phones start ringing.

The whole sequence took the attacker maybe a few hours of focused work. Most of it ran automatically.

The cost to the business? Often the business itself.

Here's the thing nobody tells you: this entire chain depends on that one unpatched Windows 10 machine at hour 4. Remove it from the network or upgrade it, and the whole story collapses before lunch.

Question for the comments: when was the last time your business mapped out exactly which devices are still running Windows 10?