A little over 10 years after it was first released, Microsoft's hugely popular Windows 10 operating system is now reaching the end of the road. The final mainstream support updates will be released in October, at which point Windows 10 hits end of life. This doesn't mean that it will suddenly stop working, but it does mean that devices running it will become increasingly vulnerable to compromise over time as hackers exploit vulnerabilities they know will never be fixed. This is especially problematic in a business context where your company network is only as secure as your least secure device. Once one machine has been compromised inside the network, it can then be used as a jumping off point to access other devices.
So what are your options if you're still running Windows 10?
Option 1: Upgrade to Windows 11
The most obvious and best option if it's available to you. Windows 11 is the replacement for Windows 10 and was released 4 years ago, so is very well tested at this point. Microsoft raised the bar in terms of hardware needed to install Windows 11, but if your device is compatible, you should be upgrading as soon as you can.
Option 2: Buy a new device with Windows 11
The same as option 1, but more expensive! However, far less expensive than dealing with the fallout from a compromised device...
Option 3: Pay for extended security updates
Microsoft is offering a year of additional security updates to home users for $30. This is a one-time extension, so is only really just delaying ultimately having to go with option 1 or 2. However, it's an infinitely better idea than doing nothing at all. 3 years of extended updates are available to business users at a cost of $61 per device for the first year, which then doubles for each additional year.
Option 4: Take the device offline
By far the biggest security risk to devices is a connection to the outside world via the internet. You can mitigate the risk of an out-of-support device being compromised by taking it off the network, ensuring it has no connection to the internet or any other devices. Obviously, this seriously limits what you can do with it, but this approach may be suitable for running legacy applications assuming you have a way to move files to and from the device without using your network.
Option 5: Do nothing
While this is technically an option, we would seriously advise against this. It's hard enough making sure you don't fall victim to compromises even with an up-to-date device that has protections against them. On an unsupported device, you may as well be holding up a sign saying "Details available to be stolen here!"