Media outlets across the globe have reported on the ban placed on the sale and use of Kaspersky within the US by the Department of Commerce on June 20, citing continued use of Kaspersky presents an “undue or unacceptable national security risk.” With Kaspersky being a Russian company, the security concern is that apparently Russian companies can be required to provide customer data to the Russian government whenever requested. “Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky, to collect and weaponize sensitive US information,” the Commerce Department stated.

This ban has been met with mixed reaction by organizations and individuals who currently use Kaspersky from scurrying to find something to replace it with quickly, to no real reaction and plans to continue using (which should not be an option, unsupported software is never recommended). Regardless of the thoughts had on this, there are a few important items to note:

  • This ban restricts all US organizations from transacting any business with Kaspersky.
  • The ban goes into effect after September 29, 2024.
  • This ban does not specifically prohibit US businesses and individuals from using Kaspersky products after September 29, but since Kaspersky cannot provide any software updates after this date, continuing to use Kaspersky poses a potentially significant security risk.
  • As a result of Kaspersky no longer being able to be supported in the US after September 29, it is critical that those using it research alternatives and implement a solution that provides for their needs.
  • Just like all anti-virus tools, Kaspersky has access to sensitive data on the systems in which they are installed. Given this, it will be important to identify all corporate devices that are running the company’s software, including contractors and employees using personal devices, and monitor them.
  • Just replacing Kaspersky with a new anti-virus solution does not resolve the situation as anti-virus software often requires root level access that is not easily removed by uninstallers. Given this, close monitoring of security networks and systems in which Kaspersky was uninstalled will be imperative.

For any organizations or individuals currently using Kaspersky, please be aware of the upcoming deadline and the security monitoring that may be required. If your organization is not sure how best to proceed and needs guidance, we would be happy to provide a free consultation to assist you. If you would like to talk about this or any technology related needs, please reach out to us at