Network segmentation and monitoring

Companies saddled with older Windows Server machines can still protect themselves. Williams suggests they go beyond putting vulnerable servers behind a firewall, and use a tactic called network segmentation.

This can involve restricting access to your most critical servers, and ensuring only system admins can control them. “So instead of giving 20,000 people in a company access, you can cut that number down to 20,” Williams said.

Thus, if hackers ever do breach the firewall, they’ll have access to a smaller segment of the corporate network.

Network segmentation also doesn’t cost a lot of money. Enterprise internet routers often contain access control features that can limit which computers can talk to what, Williams said.

Businesses should also consider monitoring the vulnerable servers, or at least the ones carrying critical information. Any unusual data traffic moving through them is probably a sign they’ve been hacked, he said.

Weighing the risks

To keep malicious activity out of vulnerable systems, application whitelisting can also be used, said Jason Leitner, president of Below0Day, an IT security provider.

Whitelisting works by allowing only trusted applications to run on a computer. It’s the opposite approach of antivirus products, which essentially blacklists malicious programs based on known indicators.

Businesses can also create backups of any sensitive data stored in these machines. One malicious threat that’s been growing in recent years has been ransomware

However, even with these safeguards, the best solution to protecting a vulnerable Windows Server system is to upgrade, according to security experts.

Although it might be costly in the short term, the investment can help businesses avoid a disastrous data breach. Tiago Henriques, CEO of security firm BinaryEdge, encourages businesses to calculate which is higher: “The cost of buying the upgrade or the damage to their brand and their clients if they get hacked?”