Work Starts Here: Windows 10 support is coming to an end

Senior Analyst James McClaren outlines several reasons you should start preparing for the end of Windows 10 support.

One of the critical pieces of the security jigsaw is making sure that your software is up to date. Much of this revolves around installing security patches as they’re released by the developer. However, there’s also the small matter of ensuring that the software you use is supported, so that the necessary updates are actually being developed.

This distinction is especially important if you’re one of the millions of people using Microsoft Windows 10: ?in 600 days’ time (on 14 October 2025) support for Microsoft Windows 10 will end.

Unlike operating systems for servers where you can buy (at a price) a two or three year extension, after 14 October 2025 there will be no more support and Windows 11 will be the only game in town.

We’re writing about this now, well in advance of the change, because it is likely to affect you and your organisation in key ways, and you'll need to take action.

?

Allow time to source new machines

Firstly, there are many ?laptops and computers that will not run Windows 11. This is because ?Windows 11 uses a component called a trusted platform module (TPM for short), which offers a significant upgrade to security.

This means that you will need to replace your laptop or computer: you will not be able to upgrade to Windows 11 on your current machine.? Given that there have been significant supply chain issues that have slowed down tech supplies in the last few years, this means that you’ll want to get a new machine ahead of time.

?

Beware OS-specific programmes

There are technologies that may be tied to Windows 10, and which you cannot run on Windows 11. The easiest course of action is to simply keep one or more machines running Windows 10 so that you can use these programmes or services.

However, it seems likely that malicious actors will start searching for these sorts of vulnerabilities, especially since they know these services and machines won’t be receiving security updates.

If you rely on any of these legacy systems, you should start scheduling upgrades – or looking for alternatives – now.

?

Give staff to time to learn

Thirdly, in the case of businesses, there’s a cultural and staffing issue to consider. Staff need time to learn new technologies and operating systems which can, in many cases, lead to a short-term drop in productivity.

For businesses, the potential for lost productivity when staff encounter something unfamiliar is more pressing than the longer-term gains when staff have the chance to play with and master new technology in good time.

?

Don’t risk your CyberEssentials certification

And there is also a security governance issue to this issue. If you hold a CyberEssentials or CyberEssentials Plus certification (and most organisations really should), you will need to renew it in the future. Running unsupported software will lead to an automatic “fail.”

While two years may seem like a long time, recent experience suggest otherwise. When GDPR came into force in May 2016 in the UK, there was a two-year grace period for business and organisations to understand what was needed and to take action.

Despite this, many businesses did not prepare in good time, and were left scrambling to put in place new processes and systems in order to meet the deadline.

Please do not make that mistake with Windows 10. We’ll continue to post regular reminders of the incoming deadline between now and 14 October 2025.