Windows 11: Time To Upgrade?

Should You Upgrade to Windows 11 Before Windows 10 End of Support?

Microsoft has recently been pushing strongly—through notifications, emails, and frequent reminders—about making the Windows 11 Upgrade. You’ve probably seen alerts popping up on your desktop or messages arriving in your inbox urging you to consider upgrading or migrating away from Windows 10. While these persistent nudges from Microsoft highlight important upcoming changes, they might also leave you feeling pressured or confused about whether now truly is the right moment to switch.

Before you jump into a Windows 11 Upgrade, it’s essential to carefully evaluate whether the timing aligns with your business or personal computing needs. Microsoft’s consistent messaging makes it clear they’re eager for users to transition, but it’s crucial to make an informed decision based on compatibility, hardware readiness, and how critical ongoing support is for your specific situation.

According to Microsoft, Windows 10 End of Support (EOS) is scheduled for October 14, 2025.

Learn More: Windows 10 End of Support Details

Windows 10 End Of Service vs Upgrading to Windows 11
Windows 10 vs Window 11

But, is now the right time to upgrade from Windows 10 to Windows 11? The answer is, well, maybe.

Three Key Considerations Before Upgrading:

  1. Current PC Suitability:
    • If your current Windows 10 PC is relatively recent, meets your ongoing needs, and your software applications continue supporting Windows 10 (hint: most will for some time), then why rush? It might be smarter to wait until you’re naturally ready for a new computer.
  2. TPM 2.0 Hardware Requirements:
    • Microsoft recently eased the TPM 2.0 requirements for Windows 11 upgrades. TPM, or Trusted Platform Module, is a specialized hardware chip integrated into modern computers, designed to provide enhanced security by handling sensitive tasks, such as encryption, secure boot, and storing authentication keys securely. TPM 2.0 is the latest version of this security standard, and Microsoft initially required it as mandatory hardware for installing Windows 11 to ensure optimal protection against modern cyber threats, such as ransomware and unauthorized access.
    • Due to concerns that strict TPM 2.0 enforcement would prevent many otherwise capable computers from upgrading to Windows 11, Microsoft recently relaxed these hardware restrictions. This adjustment means that even computers lacking full TPM 2.0 compatibility, but meeting other hardware criteria, can now potentially upgrade to Windows 11.
    • If your current hardware qualifies under these relaxed guidelines, proceeding with a Windows 11 upgrade could provide valuable security enhancements, improved system stability, and smoother performance overall. Checking your PC’s TPM compatibility and readiness for Windows 11 is recommended, allowing you to leverage these upgraded security features without prematurely investing in completely new hardware.
  3. Buying a New PC?
    • New PCs will likely come with Windows 11 pre-installed. However, this could be an ideal moment to explore alternative operating systems like MacOS or Linux if you’re considering making a change.

Microsoft’s Windows 10 End Of Support FAQ: Our Insights

Let’s analyze the main points Microsoft shared in their recent communications:

Microsoft’s FAQ:

Point 1: What does this mean for me?
Microsoft: “After October 14, 2025, no more free software updates, technical assistance, or security fixes from Microsoft.”

SofTouch Insight:
Historically, “End of Support” rarely means immediate cessation of critical updates. Governments and large corporations often continue using Windows versions beyond EOS, prompting Microsoft to release critical security patches occasionally, even for EOS systems.

Point 2: What can I do with my old computer?
Microsoft: “Trade-in or recycle it with local organizations.”

SofTouch Insight:
This raises a logical question: If trading in means your PC will be resold and used again, presumably still running Windows 10, why push aggressively for an immediate upgrade?

Point 3: Will my Windows 10 PC stop working?
Microsoft: “No, it will continue functioning, but without official support.”

SofTouch Insight:
Exactly—your PC won’t magically stop working. When was the last time you directly contacted Microsoft for PC support?

Point 4: How is Windows 11 more secure?
Microsoft: “Windows 11 offers comprehensive end-to-end security, including antivirus, firewall, and internet protections.”

SofTouch Insight:
These security features are standard across most modern operating systems, including recent Windows 10 versions. If you’re utilizing SofTouch Managed IT Services, you’re already benefiting from advanced security measures beyond those provided by default in either Windows 10 or Windows 11.

Microsoft’s note at the email conclusion is crucial:

If you plan to keep using your Windows 10 PC, we recommend keeping your files backed up.

That’s excellent advice! Regular backups are essential, regardless of your operating system or device.

SofTouch Systems Backup Services

Conclusion

Whether you choose to upgrade now or later, SofTouch Systems is here to help:

  • Compatibility Checks: Confirm if your current PCs can handle Windows 11.
  • New PC Advice: Recommend the ideal new PC tailored to your business needs.
  • Migration Support: Assist with seamless transitions to Windows 11 or alternative operating systems.

For personalized guidance on Windows upgrades, managed IT support, or security strategies, contact SofTouch Systems today.

Protecting Businesses: Cybersecurity Essentials for a Secure Tax Year

Keep Your Business Safe This Tax Season: Cybersecurity for Financial Data

Cybersecurity for Financial Data by SofTouch Systems

Tax season is upon us again, a critical period when cyber threats intensify as criminals seek to exploit vulnerabilities, particularly targeting sensitive financial data. As business owners, non-profit organizations, or school district IT managers in Texas, you hold a vital responsibility to safeguard your organization’s critical financial data. Ensuring cybersecurity not only protects your sensitive information but is also fundamental to maintaining trust and reliability within your community.

Why Cybersecurity for Financial Data is Crucial During Tax Season

Cybercriminals actively exploit this busy period, targeting financial records, employee information, and other sensitive data. A cybersecurity breach can result in devastating losses, including financial penalties, reputational damage, and operational disruptions. For instance, ransomware attacks have surged in recent years, crippling operations and forcing businesses to pay costly ransoms.

Essential Cybersecurity Measures to Protect Your Financial Data

1. Reliable Backup Solutions

One of the most effective measures your organization can adopt is implementing comprehensive backup solutions. Backups act as an insurance policy against data loss from cyberattacks or technical failures. Consider the case of a local Central Texas school district that fell victim to ransomware but was able to quickly restore its systems and resume operations thanks to its diligent backup procedures managed by a trusted managed service provider (MSP).

2. Robust Antivirus and Malware Protection

Antivirus and malware protection software is essential to safeguard your IT infrastructure. These IT solutions detect, quarantine, and eliminate malicious software before it can cause damage. For example, a nonprofit organization (not disclosed) that lacked adequate antivirus protection experienced a significant data breach, compromising donor information and eroding community trust. Investing in managed antivirus solutions from a reputable MSP like SofTouch Systems helps ensure continuous protection against evolving threats.

3. Employee Education and Awareness

Cybersecurity is not solely a technological challenge—your staff plays a crucial role as well. Phishing attacks are among the most common methods used to infiltrate organizational networks, often disguised as legitimate tax documents or urgent financial requests. Regular training sessions, mock phishing exercises, and educational materials provided by your MSP can equip your employees with the necessary knowledge to recognize and respond to cyber threats appropriately.

4. Regular Network Audits and Monitoring

Continuous monitoring and routine audits are essential for proactively identifying potential vulnerabilities within your systems. Regular assessments can reveal weaknesses before cybercriminals exploit them, thus enabling swift remedial action. An MSP like SofTouch Systems can offer ongoing network monitoring, timely security patches, and regular audits to enhance your cybersecurity posture effectively.

SofTouch Systems is Cybersecurity for Financial Data.

The Role of Managed Service Providers in Cybersecurity

Partnering with an experienced MSP provides comprehensive IT business solutions tailored specifically to your organization’s needs. MSPs* manage all aspects of cybersecurity, from data protection strategies and software updates to network security and crisis management. Working with an MSP not only secures your operations but also enables you to focus more on your mission-driven objectives.

SofTouch Systems: Your Trusted Cybersecurity for Financial Data Partner

At SofTouch Systems, we specialize in cybersecurity solutions designed for organizations like yours—those driven by traditional values, integrity, and community commitment. We understand the unique challenges faced by businesses, nonprofits, and educational institutions in Texas. Our team is dedicated to delivering personalized IT solutions, including data backup, antivirus protection, and comprehensive cybersecurity management.

Take Advantage of a Complimentary Cybersecurity Audit

Not sure where your organization stands regarding cybersecurity? SofTouch Systems is offering a complimentary, no-obligation cybersecurity audit for your organization. This audit will thoroughly evaluate your current network setup, identify potential vulnerabilities, and provide clear, actionable recommendations for enhancing security and business continuity.

Don’t wait until a breach occurs—be proactive. Protect your organization, secure your financial data, and maintain your community’s trust by scheduling your free cybersecurity audit today.

Act Now—Safeguard Your Organization Today

This tax season, commit to strengthening your cybersecurity posture. Contact SofTouch Systems to ensure robust data protection, antivirus and malware solutions, and continuous IT support. Your proactive approach today ensures your organization’s stability and trustworthiness for tomorrow.

Protecting Your Organization: How to Stay Safe from Deceptive Email Attacks

Protecting Your Organization: How to Stay Safe from Deceptive Email Attacks

Email security threats are constantly evolving, and attackers frequently use seemingly safe emails to breach organizational systems. For small-to-medium businesses (SMBs), nonprofits, churches, and school districts in Texas, vigilance is crucial. Understanding common tactics attackers use and knowing how to identify deceptive email attacks can significantly strengthen your cybersecurity posture.

Common Types of Deceptive Email Attacks

1. Phishing Emails Phishing emails trick recipients into revealing sensitive information like login credentials, financial details, or personal data. A real-world example is the 2019 phishing attack on the Manor Independent School District in Texas, resulting in a $2.3 million loss. ​

In late 2019, the Manor Independent School District (MISD) in Texas experienced a significant financial loss due to a sophisticated phishing scam. Over approximately a month, the district unwittingly transferred $2.3 million to cybercriminals.​

The incident began in November 2019 when multiple MISD employees received phishing emails. One staff member responded, leading to unauthorized changes in bank account information for a known vendor. Subsequently, three separate payments were made to the fraudulent account before the district realized the deception in December 2019.

Detective Anne Lopez of the Manor Police Department emphasized the importance of vigilance, advising individuals to scrutinize emails and verify the authenticity of any requests, especially those involving financial transactions.

In response to the breach, MISD collaborated with the Manor Police Department and the Federal Bureau of Investigation, both of which launched investigations into the incident. The district also issued public statements to inform the community and sought assistance from anyone with pertinent information.

This event underscores the critical need for comprehensive cybersecurity measures, including regular employee training, stringent verification protocols, and advanced email filtering systems, to protect organizations from similar threats.

What to look for:

  • Unfamiliar sender addresses.
  • Urgent requests for information or funds.
  • Spelling or grammatical errors. (They are using AI now so look for poor phrasing or confusing writing flows)

2. Spear Phishing Attacks Spear phishing is targeted phishing aimed at specific individuals or roles within an organization, making the emails more convincing. In 2020, Ubiquiti Networks, a prominent networking technology company, experienced a significant security breach orchestrated by an insider, Nickolas Sharp, who exploited his privileged access to steal confidential data and attempt extortion.

The Spear Phishing Attack

So, Nickolas Sharp, a senior cloud engineer at Ubiquiti, utilized his authorized credentials to infiltrate the company’s Amazon Web Services (AWS) infrastructure and GitHub repositories. To conceal his identity, he employed a Virtual Private Network (VPN) service, specifically Surfshark. However, during the data exfiltration process, a temporary internet outage led to his real IP address being logged, inadvertently exposing his identity. Sharp managed to download substantial amounts of sensitive data, including source code and customer information.

Subsequently, he posed as an anonymous hacker, demanding a ransom of 50 Bitcoin from Ubiquiti in exchange for not releasing the stolen data. When the company refused to comply, Sharp leaked misleading information about the breach, causing a significant drop in Ubiquiti’s stock value.

Attack Methodology and Motivation

This incident exemplifies an insider threat, where an individual with legitimate access exploits their position for malicious purposes. Sharp’s actions were financially motivated, aiming to extort the company by leveraging the stolen data. His technical knowledge and authorized access facilitated the breach, highlighting the challenges organizations face in detecting and preventing insider threats.

Preventive Measures:

To mitigate such risks, organizations can implement the following strategies:

  • Zero Trust Model: Adopting a Zero Trust security framework ensures that all users, regardless of their position, are continuously authenticated and authorized, minimizing implicit trust.
  • Network Segmentation: Dividing the network into distinct segments restricts access to sensitive data, ensuring that employees can only access information pertinent to their roles.
  • Enhanced Monitoring: Implementing robust monitoring and logging mechanisms can detect unusual activities, such as large data transfers or unauthorized access attempts, enabling swift responses to potential threats.

Ubiquiti’s Response and Future Protections

Upon discovering the breach, Ubiquiti initiated an internal investigation and collaborated with law enforcement agencies. The company advised customers to change their passwords and enable two-factor authentication as precautionary measures. Additionally, Ubiquiti emphasized its commitment to enhancing security protocols to prevent future incidents. citeturn0search3

This case underscores the critical importance of robust internal security measures and the need for organizations to remain vigilant against both external and internal threats.

What to look for:

  • Personalized emails referencing specific roles or responsibilities.
  • Requests from known contacts with unusual content or formatting.

3. Business Email Compromise (BEC) Business Email Compromise (BEC) attacks have become increasingly prevalent, causing significant financial losses across various sectors. In 2022, the FBI’s Internet Crime Complaint Center (IC3) received 21,832 BEC complaints, with reported losses exceeding $2.7 billion. citeturn0search13

Understanding BEC Attacks

BEC attacks involve cybercriminals impersonating trusted figures—such as company executives, vendors, or legal representatives—to deceive employees into executing unauthorized financial transactions or divulging sensitive information. These attacks often employ social engineering tactics, exploiting human trust and organizational protocols. citeturn0search0

Notable BEC Incidents:

  1. Ubiquiti Networks (2021):
    • Summary: Ubiquiti Networks, a global networking technology company, suffered a BEC attack resulting in losses exceeding $40 million.
    • Attack Details: Attackers gained access to an employee’s email account and used it to send fraudulent payment requests to Ubiquiti’s finance department and external vendors. citeturn0search6
  2. Toyota Boshoku Corporation (2019):
    • Summary: Toyota Boshoku Corporation, a major Japanese automotive parts manufacturer, lost $37 million due to a BEC attack.
    • Attack Details: Attackers compromised a vendor’s email account and sent fraudulent payment requests to the company. citeturn0search6

Preventive Measures

Organizations can implement several strategies to mitigate the risk of BEC attacks:

  • Employee Training: Regularly educate staff about recognizing phishing attempts and the importance of verifying unusual requests.
  • Multi-Factor Authentication (MFA): Implement MFA to add an extra layer of security to email accounts and financial transactions.
  • Verification Protocols: Establish procedures to verify payment or data requests, such as confirming through a secondary communication channel.
  • Email Filtering: Utilize advanced email filtering solutions to detect and block potential phishing emails.

Response to BEC Incidents

Organizations that have fallen victim to BEC attacks often take the following steps to enhance future security:

  • Incident Analysis: Conduct thorough investigations to understand the breach’s scope and methodology.
  • Policy Revisions: Update financial and communication protocols to include additional verification steps.
  • Technological Enhancements: Invest in advanced cybersecurity tools and infrastructure to detect and prevent future attacks.
  • Collaboration with Authorities: Work closely with law enforcement agencies to address the breach and prevent further incidents.

By adopting these measures, organizations can significantly reduce the likelihood of falling victim to BEC attacks and protect their financial and informational assets.

What to look for:

  • Sudden changes in payment instructions.
  • Emails from executives outside normal channels or processes.

Essential Practices to Protect Your Organization

Educate Your Team Regularly Conduct routine training sessions emphasizing how to recognize and respond to suspicious emails. Organizations like churches and school districts particularly benefit from regular security awareness programs tailored specifically to their needs.

Implement Email Authentication Protocols Use authentication standards like SPF, DKIM, and DMARC to help ensure email legitimacy, significantly reducing the likelihood of deceptive emails reaching your inbox.

Verify Requests Independently Always verify financial or sensitive requests via a separate communication channel, such as a phone call, especially if the email seems slightly unusual.

Stay Updated on Cybersecurity Trends Regularly update your knowledge about emerging threats. Platforms like the Texas Department of Information Resources or the Cybersecurity & Infrastructure Security Agency (CISA) provide useful, up-to-date information. You can also follow SofTouch Systems here on our webpage, LinkedIn, Facebook, and our bi-weekly newsletter.

How Managed IT Services Can Help

While these guidelines will significantly reduce your risk, some SMBs and nonprofits need professional guidance to establish robust cybersecurity frameworks effectively. Managed IT services, like those offered by SofTouch Systems, provide expert consultations, secure email setups, employee training, and proactive monitoring to protect your organization’s critical data.

Our specialists help you:

  • Implement advanced cybersecurity protocols.
  • Regularly test your security posture.
  • Respond swiftly and effectively to security incidents.

Secure Your Organization Today

Don’t wait until a deceptive email attack compromises your business or nonprofit organization. Take proactive steps now and reach out for a comprehensive IT consultation. At SofTouch Systems, we ensure your organization stays safe so you can focus on what truly matters.

How Managed IT Services Can Save Your Business Money

Cybersecurity & Infrastructure Security Agency

Contact SofTouch Systems today for your free cybersecurity consultation.