With Windows XP finally reaching its sunset, many organizations have been thinking their security woes are gone. I’m not sure that is entirely true.

I’ve been speaking with several banks lately and while their internal networks are largely free of XP system, many of their external/remote users are still running the operating system at home. Like BYOD (Bring Your Own Device), some of these devices are largely unmanaged, personally owned, and could still pose a threat to an otherwise secure environment when connected via VPN. In one recent case, a bank was allowing executives and support personnel to VPN in from their respective home computers. Some of these computers are home systems that are shared amongst family members. While the employee working from home is made aware of the threat environment (at least annually in a bank), I’m sure their kids are not. Who knows what they have been clicking on?

In any case, it might be worth the time to review how users access internal systems while remote to make sure that there are no system exposures. I know much of the focus on remote access has been on cell phones and iPads but some consideration should be given to Personal Computers. It would be a shame to get compromised by one of these systems after spending so much time and money on securing the internal network.