BASIC WINDOWS 10 SECURITY TIPS

UPDATE EVERYTHING

Microsoft does a good job keeping Windows 10 and its built-in tools updated, but Windows Update can fail sometimes so performing manual scans is a good idea to make sure the latest updates worked.

For organizations where the desktop OS(Operating System) is image-based, it's a good idea to rebuild the OS image once in a while to make sure every image is completely up to date. If admins just assume everything is set, an image could be missing an update which opens up security holes.

Third-party software such as Adobe Reader needs updates and patches. Because most organizations have a lot of third-party software and third-party vendors often release updates at unpredictable intervals, it can be a struggle for IT to keep up. As a result, admins should invest in patch management tools that scan users' devices for any software with missing patches.

ENCRYPT AND BACKUP DATA

Emphasizing encryption is one of the top Windows 10 security tips. If IT does not have a data encryption tool such as BitLocker in place, then users' personally identifiable data is exposed to the world. Everything needs to be encrypted.

Admins should also find any users who do not have backups for sensitive files such as customer records or financial forecasts. If they find unbacked up files, they have to perform labor-intensive workstation backups to close the security hole.

TRAIN USERS IN THE WAYS OF SECURITY

At the end of the day, teaching users about security is the most important item on the Windows 10 security tips list because nothing creates more security issues than users. They simply can't be trusted. Admins can put in as many lines of defense as they want, but a user could still click a malicious link and unleash major security problems. Email phishing in particular opens up a lot of security holes.

Admins can't completely prevent users from making mistakes but they can mitigate the risks by checking that users always have Windows Firewall turned on and that they do not have any unnecessary ports open. Admins must not rely solely on Microsoft Windows Defender to protect against malware. It can help, but it's a good idea to invest in a third-party antimalware tool as well.

User passwords are also a problem. Users can forget their passwords; write them down or reuse them over and over, all of which creates security risk. A simple step IT admins can take to close the gap is to set standards on how long and how complex users' passwords are. They can also force users to change their passwords every so often.

IT should also turn to two-factor authentication so users need more than just passwords to access their desktops. Windows Hello for Business allows admins to combine a login factor such as a password with a biometric feature, including fingerprints or facial recognition.

If users must work with cloud services, IT should determine which cloud services they can use and what information they can share on them. They can also keep an eye on users with Windows logging and system monitoring tools. In addition, they should use WIP to determine who can access what data and who users with access can share specific data with. Still, users are always a risk so the best thing IT can do is to educate them on good security best practices and constantly remind them what to look out for. (Eddie Lockhart)