UPDATE EVERYTHING
Microsoft
does a good job keeping Windows 10 and its built-in tools updated, but Windows
Update can fail sometimes so performing manual scans is a good idea to make
sure the latest updates worked.
For organizations where the desktop OS(Operating System) is image-based,
it's a good idea to rebuild the OS image once in a while to make sure every
image is completely up to date. If admins just assume everything is set, an
image could be missing an update which opens up security holes.
Third-party software such as Adobe Reader needs updates and patches.
Because most organizations have a lot of third-party software and third-party
vendors often release updates at unpredictable intervals, it can be a struggle
for IT to keep up. As a result, admins should invest in patch management tools
that scan users' devices for any software with missing patches.
ENCRYPT AND BACKUP DATA
Emphasizing encryption is one of the top Windows 10 security
tips. If IT does not have a data encryption tool such as BitLocker in place, then users' personally identifiable data is
exposed to the world. Everything needs to be encrypted.
Admins should also find any users who do not have backups for
sensitive files such as customer records or financial forecasts. If they find
unbacked up files, they have to perform labor-intensive workstation backups to
close the security hole.
TRAIN USERS IN THE WAYS OF SECURITY
At the end of the day, teaching users about security is the
most important item on the Windows 10 security tips list because nothing
creates more security issues than users. They simply can't be trusted. Admins can put in as many
lines of defense as they want, but a user could still click a malicious link
and unleash major security problems. Email phishing in particular opens up a
lot of security holes.
Admins can't
completely prevent users from making mistakes but they can mitigate the risks
by checking that users always have Windows Firewall turned on and
that they do not have any unnecessary ports open. Admins must not rely solely
on Microsoft Windows Defender to
protect against malware. It can help, but it's a good idea to invest in a
third-party antimalware tool as well.
User passwords are also a problem. Users can forget their
passwords; write them down or reuse them over and over, all of which creates
security risk. A simple step IT admins can take to close the gap is to set
standards on how long and how complex users' passwords are. They can also force
users to change their passwords every so often.
IT should also turn to two-factor authentication so users
need more than just passwords to access their desktops. Windows Hello for Business allows
admins to combine a login factor such as a password with a biometric feature,
including fingerprints or facial recognition.
If users must work with cloud services, IT should
determine which cloud services they can use and what information they can share
on them. They can also keep an eye on users with Windows logging and system monitoring tools.
In addition, they should use WIP to
determine who can access what data and who users with access can share specific
data with. Still, users are always a risk so the best thing IT can
do is to educate them on good security best practices and
constantly remind them what to look out for. (Eddie Lockhart)
