I’m the first to admit I’m no tech wizard. My at-home computing system (a Dell desktop and a Dell laptop with a wonky keyboard and no sound) is about as technologically advanced as a hamster in a wheel. Suffice it to say my personal email is still AOL (I’m waiting for it to become “retro,” like handlebar moustaches, ukuleles and typewriters). But even I’m not running Windows XP.

In case you haven’t heard, Microsoft stopped supporting the Windows XP system earlier this month. Although users may not experience much difference in their system operations, the fact that they will no longer receive updates and security essentials can open the door for hackers, viruses and a plethora of problems.

I didn’t really think the end of XP would affect the independent agent system. Most firms are running sophisticated agency management systems and other programs that require more power than that hamster in a wheel. But I was wrong.

According to Steve Anderson, insurance tech expert and executive editor of The Anderson Agency Report (TAAR), plenty of smaller independent agencies have been in touch with him about how to transition from Windows XP.

Anderson, analysizing Google Analytics to determine who’s visiting his website, estimates that just over 25% of these visitors are running XP, and “I suspect it’s smaller agencies,” he says.

He spoke with an agent last week who wanted to know if his five-person office really needed a new operating system when XP was working just fine. Anderson explained to him that from a normal operational standpoint, probably not a lot will change; the big issue is the exposure to a data breach. “They will be increasingly vulnerable to someone hacking into their systems, especially for agencies with in-house agency management systems versus online or cloud-based systems,” he says. Cloud systems are inherently more secure because vendors have more resources to spend on security and the tech talent to protect the systems, he says.

Unfortunately, many smaller agencies don’t have the knowledge or financial wherewithal to upgrade to Windows 7, and Windows 8 has had operating issues, so they may think the devil they know is better than the devil they don’t know and stick with XP. “But frankly, the real issue is from a regulatory standpoint; now that 47 states have breach notification laws, any indication that an agency has had a data breach and haven’t taken steps to protect their data will be problematic,” he says.

It’s a fact that data breaches aren’t going away: The huge Heartbleed loophole is indicative of what’s to come, Anderson says. (TAAR’s tech tip of the week deals with Heartbleed.) The big difference between Heartbleed-type vulnerabilities and events like the December 2013 Target hack is that Heartbleed appears to be a “simple programming mistake,” while the Target breach was criminally malicious, with pieces of customer identifying information being sold on various websites for $50 apiece in lots of a thousand, Anderson says. “I haven’t actually seen anything about what was actually compromised by Heartbleed,” he says. “That’s why I suspect not a lot of people knew about the hole.”

(Heartbleed update: Canadian police just arrested a 19-year-old hacker for exploiting the Heartbleed bug to steal taxpayer data from a government website.)

Heartbleed is just the latest indication that websites will continue to be vulnerable, Anderson says. And in spite of concerns about cyber political terrorism, most hacking activity still boils down to criminals, plain and simple. And make no mistake, agencies are vulnerable: Anderson says he’s spoken with at least five agents who ponyed up money in “ransomware” viruses like CryptoLocker, in which criminals hold vital data captive until the owner pays a ransom to get it back.

Quick tips that agents can use–and share with their customers–include:

  • Have more complex passwords and change them often
  • Educate your employees on protecting themselves against Cryptolocker programs, phishing schemes, and being careless with devices
  • Install mobile device management software to prevent viruses from employees’ mobile devices
  • Install and update antivirus programs such as McAfee and Norton, but be aware that you can’t rely on firewalls and virus protection programs because there are lots of other ways for criminals to get data.
  • View cyber risk from a risk management standpoint: identify it, try to mitigate it, or transfer it through cyber insurance insurance.

Still think you can’t afford the time or the money to update from Windows XP?