Security Tips for Windows 10 Users

No complex system will ever be completely secure, and that certainly includes Windows 10. Fortunately, there are some ways to beef up security, and many of them won’t cost you a dime. This article offers a quick summary of what to check, and what you can do to improve your security.

Keep Windows up to date. By default, Windows updates automatically. That means you might occasionally get an update you don’t want and can’t prevent. But generally, you’ll want your updates right away – some updates are urgent security fixes. To make sure Windows isn’t unnecessary delaying them, click Settings > Update & Security > Windows Update > Advanced Options, and review the settings there.

Set a log-in password if you haven’t already. Many users don’t establish a log-in password when they set up Windows. But without one, your computer is vulnerable to anyone who walks by or grabs your computer. And you better hope you don’t leave it anywhere by accident. To set up (or change) a password, choose Settings > Accounts > Sign-In Options. Under Password, click Add, and follow the steps there. (Alternatively, you can log on with the Microsoft Account password you use for Microsoft services such as Outlook.com, OneDrive, or Office 365. With a Microsoft account, you can sync all your Windows devices and back up important data on Microsoft’s servers – but Microsoft might also track your activity more closely.) As with creating any password, make sure it is strong and long, and include upper- and lower-case characters, as well as punctuation.

Consider additional sign-in options. For example, Windows 10 recently added Dynamic Lock, which lets you pair your computer to your smartphone via Bluetooth, and then automatically locks your computer whenever you carry your smartphone out of range. That’s also available through Settings > Accounts > Sign-In Options.

Make sure your security software is running and up to date. Windows 10 comes with basic malware protection. But if you’re here, you’re probably using a more complete, advanced alternative: Sophos Home. Our Premium version adds powerful artificial intelligence that halts malware it’s never seen before, provides advanced ransomware security, and includes banking and identity protection features. Sophos Home Premium lets you centrally manage security for up to ten devices, making it easy to protect your whole family.

Make sure other users don’t have Administrator privileges. Administrator accounts give people a lot of power over your Windows device. Nobody should run an Administrator account when they don’t need to. Set up individual Standard Accounts that prevent anyone who shares your computer from making major, potentially dangerous changes to your computer. Click Settings > Accounts > Family & Other Users. Next, choose Add someone else to this PC, and follow the instructions.

Keep applications updated and uninstall software you never use. The smaller your attack surface, the safer you are. Shrink it by uninstalling applications you’ll never use. That might be bloatware which came with your computer, takes up space, and potentially risks your safety and privacy. Or it might be old applications that weren’t programmed as safely, or are no longer supported. One common example: Microsoft stopped supporting Office 2007 on October 10, 2017, so you won’t get any more security or bug fixes for it. (If you must keep using an unsupported Microsoft program, make sure you install Microsoft’s final service packs and security fixes.)

Consider encryption. If someone steals your logged-on computer or remotely accesses your files, they can steal valuable data. Consider encrypting it. Windows 10 Professional, Enterprise, and Education versions come with BitLocker, which can encrypt your built-in or portable drives. To set up Bitlocker, open the Control Panel, click System and Security, choose BitLocker Drive Encryption, and follow the instructions. (Important: Make sure you safely keep a copy of your encryption key on a separate USB flash drive!) Or, if you’re running Microsoft Office, you can encrypt and password-protect individual files – for example, a spreadsheet where you track your finances. (In recent versions of Word, Excel, or PowerPoint, click File > Info > Protect Document, Encrypt with Password.)

Use a VPN on the road. Mobile Wi-Fi hotspots can be unsafe. If you’re doing anything important, use a VPN that encrypts everything you send and receive. Your employer might already provide and require a VPN for use with the company network, or you can set up your own VPN with Sophos XG Firewall Home Edition.

While you’re at it, consider tightening up your privacy. Explore Settings > Privacy and consider making changes such as these:

• Switch off your location. Stop Microsoft from tracking your current location by choosing Settings > Privacy > Location, and switching off Allow Access to this Location.
• Switch off your Microsoft Advertising ID. When you’re logged into a Microsoft account, your Microsoft Advertising ID follows you around, helping advertisers personalize ads based on what Microsoft knows about you. You can turn this off in Settings > Privacy > General.
• Tell Windows not to send your Activity History to Microsoft. In Settings > Privacy > Activity History, make sure to turn off Send My Activity History.
• Don’t use Diagnostics & Feedback data for marketing. In Settings > Privacy > Diagnostics & Feedback, make sure to turn off Tailored Experiences.

Finally, this article has focused on Windows 10, but what about older versions? Microsoft says it will end support (and security fixes) for Windows 7 on January 14, 2020, and it’s already ended support for every version older than Windows 7. As versions become outdated, they grow riskier, too. We hate to say it, but you may want to bite the bullet and upgrade.