How to secure your Windows 10 PC out of box
If you’ve recently purchased a new Windows 10 PC (or have upgraded from an older version), you are probably wondering how secure the operating system is. Fortunately, throughout the years since the operating systems release, Microsoft has made Windows 10 pretty robust for the average user. However, despite all the security that’s been added to the operating system, there is still room for additional security. In this post, we are going to be highlighting how you can make your Windows 10 PC more secure.
Windows Privacy Settings
The very first thing you are prompted to do when you first turn on your Windows 10 PC is to configure all the settings to your liking. You might notice toward the end of the setup that you are asked to choose privacy settings for your device. This includes options such as location tracking, diagnostic data, online speech recognition, etc. However, it’s important to know that by turning on these settings you are allowing Microsoft to always listen and to always know where your device is at any given time. I don’t know about you, but I would rather not have Microsoft listening to every word I say or knowing every site I browse. If you’ve already gone through the privacy settings you don’t need to worry because you can customize the same options (plus more) after the setup has been completed!
To get to this menu, simply click the Start button on the bottom left of your screen (or hit the Windows Key on your keyboard) and type in “Privacy Settings”. The following window will show up.
In this window, you can customize your privacy options as you see fit. If you notice on the left-hand side there are privacy options for speech, camera, location, microphone, etc. If we look into the “Camera” permissions we can see that there are options to allow access to your camera from applications. Ideally, you want to have this turned off and enable it on a case-by-case basis. For example, if you are having an online interview, it would be important that your PC can access your camera for the duration of the interview.
For me personally, I always ensure that most of the options in the Privacy Settings are turned OFF as I want to minimize how much access applications can have to my personal information.
Enabling Automatic Windows Updates
Ensuring that your PC stays fully up-to-date is of the utmost importance, especially with most people working from home. When an application or piece of software is first released, there are bound to be many bugs or potential security holes that need to be patched. Failure to keep applications updated can cause attackers to exploit the vulnerabilities found within the applications. In fact, it was reported that in 2019, 60 percent of breaches involved vulnerabilities for which a patch was available but not applied.1
Fortunately, with newer versions of Windows, Microsoft has made sure that you cannot turn off Windows Update and has instead offered a pause feature in which you can pause updates for up to 35 days. If you are running an older version of Windows and want to enable automatically updating, simply do the following.
Start (Windows Key) > Type “Windows Update” > Windows Update Settings > Advanced Options > Under “Choose how updates are installed” click the drop-down menu and select Automatic (recommended)
It’s also recommended that you click the checkbox for “Give me updates for other Microsoft products when I update Windows”. This will automatically install updates for Microsoft products such as Outlook, Word, Excel, etc.
Create and Use a Standard User Account
When setting up Windows 10, Microsoft recommends you login using your Microsoft account. Using a Microsoft account offers some security features such as Two-Factor-Authentication and Windows Hello login features. This is great and all, however, what if your Microsoft account gets compromised? That could potentially allow somebody to remotely login to my PC as the account is connected to it.
The best practice when first setting up your PC is to make an offline standard user account and to ensure the built-in administrator account is disabled. Standard user accounts can use most software and change system settings that don’t affect other users. This is especially important if an attacker is able to establish a remote connection to your PC. If you’re on a standard user account they can mess with the account itself but not your actual system settings.
Creating a standard user account is fairly simple. First go to Start > Settings > Accounts > Family & other users > Under “Other Users” select “Add someone else to this PC”
When you try to add someone to your PC you might be prompted to enter the new persons Microsoft email. Simply click “I don’t have this person’s sign-in information” On the next screen simply click “Add a user without a Microsoft account” and follow the setup wizard.
While there might not be a reason to have backups as soon as you turn on your PC for the first time, it’s exceptionally important you set up a backup schedule via a physical device or the Cloud. Using the Cloud to store your backups is definitely recommended as Cloud storage can expand whenever you want it to, is more flexible than an external hard drive, and arguably more reliable than a physical device.
An example of Cloud Storage that comes with Windows 10 is Microsoft OneDrive. They set it up for you in such a way where whenever you save a file it automatically recommends using a OneDrive path instead of taking up physical space on your PC.
If you opt for the physical backup option you first want to connect your device to your PC then go to Start > Settings > Update & Security > Backup > Click “Go to Backup and Restore (Windows 7) > Create System Image > Select “On a hard disk” option and follow the prompts from there.
Now you will have a backup of your files on a physical device. Make sure to store it somewhere safe!
Windows Defender + Firewall
Windows Defender and Windows Firewall are the built-in software components of Windows that protect your home network and data on your PC from internet threats. On newer versions of Windows 10, both pieces of software are installed by default and are optimized with security in mind. However, it’s still important that you check to make sure they’re enabled. We can do the following to check if they are enabled.
Start (Windows Key) > Type “Windows Security” and click on the Windows Security App
In the following window we can see the “Security at a glance” which will show us if Windows Defender and Windows Firewall (plus more) are enabled.
Ideally, you should see all green checkmarks which confirms that the software is running. Keep in mind, you can turn Windows Defender OFF if you have installed your own anti-virus software. Your anti-virus will manage all the settings that Windows Defender would such as device security, web security, account protection, etc.
It’s also important to note that if an application or service you are running needs to be allowed through the firewall you can simply add a rule that can allow the application or service as opposed to completely disabling the firewall.
Windows Security > Firewall & network protection > Allow an app through firewall > Allow another app… > Browse…
Enable Dynamic Lock
Dynamic Lock is a noticeably handy feature offered in Windows 10 that allows your device to lock based on your distance from the device. This is accomplished by pairing a phone or tablet to your PC via BlueTooth. This way, if you have your phone in your pocket, you can just walk away and your PC will lock and require you to enter your password. While you could just press Windows Key + L before you leave your desk, there might be times where we forget and could have sensitive information on our screens that we don’t want people to see.
To enable this feature, first make sure you have a device paired to your PC that you want to enable Dynamic Lock on. Then go to Settings > Account > Sign-in options > Scroll down to Dynamic Lock > Click the checkbox “Allow Windows to detect when you’re away and automatically lock the device”
Now when you walk away from your PC with your paired device, your computer will lock!
Set User Account and Control (UAC)
UAC is a great feature that helps prevent malware from damaging your PC by notifying you when apps attempt to install software on your computer. Making sure your UAC is set to the highest or second highest setting is an extremely simple way to help bolster your PC’s security. We normally recommend you set it to the highest setting which will always notify you when apps try to install software or make changes to your PC or if you make changes to your Windows settings. However, doing this might not be practical depending on your job role. Another acceptable setting is the one below the highest which is the exact same except you can freely make changes to your Windows settings.
To edit UAC simply click Start > Type “User Account Control” > Change User Account Control settings
Create a Restore Point
Have you ever been working and accidentally deleted a system file or folder? Or you turn on your PC and service/applications aren’t working? Well, you aren’t alone and the good news is that Windows offers a feature to go back in time when your PC was working properly or when you still had that system file.
System Restore uses a feature called System Protection that will regularly create restore points on your PC. If System Protection is enabled, it will create a restore point every time you install a new app, driver, or Windows update.
To create a restore point simply click Start > Type “Restore Point” > Create a restore point
Above you can see that we are able to either select a restore point made for us automatically or we can create one ourselves. It’s recommended you create your own restore point and set it to a time where your PC was working the way you liked it.
All in all, these are some extremely simple ways you can bolster your PC’s security as soon as you turn it on. Remember that PC security requires due diligence and even though a lot of features may be enabled by default, it’s important that you double-check and make sure so you don’t run into problems down the road.