Microsoft’s Windows operating system has been the primary target of all sorts of attacks – hackers, viruses, malware and what not – given its wide user base and vulnerability to various attacks. Windows 10 has received a fair share of flak over some of its features and policies regarding the user’s data use, but Microsoft has been pretty reliable when it comes to the user’s security.
Microsoft has learnt a lot from all this targeting of Windows users and has built robust security features into Windows 10 itself. Of course, all these features and other tools cannot keep your system secure unless you are a vigilant user. You should be aware of the security and privacy settings on Windows 10 and configure them as per your needs.
Steps to Strengthen Windows 10 Security
Enable and Configure the Windows Defender
Windows Defender is Microsoft’s in-house security tool to protect your system from viruses and other malicious software. In Windows 10 it can only be turned off temporarily and it will enable itself automatically after a while.
Here’s how to check Windows Defender status on your PC
Go to Windows Settings > Update & Security > Windows Defender to toggle it.
You can also toggle security notifications, cloud-based protection and automatic submission of suspicious files to Microsoft from these settings. It would be better to keep them all enabled as they only work to improve the security of your system. If there are specific files, folders, file extensions or processes that you do not want to scan for malware, you can add them to an exclusion list.
You have the option to run the Windows defender offline. It uses the latest threat definitions but will restart your computer in the process.
Enable Regular Updates
System updates often have patches to security vulnerabilities in the OS. You should upgrade as regularly as possible.
Go to Windows Settings > Update & Security > Windows Update to configure the update settings and schedule.
Under ‘Advanced options’, you may choose to receive updates for other Microsoft products as well along with the Windows update. If you use multiple products from the Microsoft Suite, for example – Microsoft Office, this is a good option to have multiple updates done in one go.
Check and Configure Your Sign-in Options
Since Windows 10 was designed keeping in mind the different requirements of PCs, laptops and tablets, it offers several sign-in options and not all might be available on all devices.
Go to Windows Settings > Accounts > Sign-in Options to access the sign in options for your device and choose the one you need.
Windows Hello – You can use Windows Hello to sign-in to your device using facial recognition, iris scan or fingerprint verification. You need specific hardware to use this feature, but it can be a very convenient way to sign-in to your Windows device.
Password – The good old way of accessing a device. This can be the password of your Microsoft account or the local account.
Pin – Set up a pin for accessing your device. It can be larger than 4 digits and it is recommended that you use a larger number, just for the sake of increased security (I use a 10 digit code). You can always use the ‘Forgot my pin’ option in case you don’t remember it and need to reset it.
Picture Password – This method of signing-in is aimed at devices with a touchscreen. You can choose a picture and draw a gesture on it which are used in combination to create your own unique password. You can use straight lines, circles and taps to create the gesture that you want.
Given that the password depends on a variable input (your gesture), you should have a normal password or pin set up as an alternative sign-in option, just to be safe and not get locked out of your device in case your gesture is not recognised.
As an added security measure, you might want to turn off the ‘Show account details on sign-in screen’ setting. That way, your email address is also not shown to somebody who might just be handling the device and does not have access to it.
You might want to check and manage the user accounts on the device to make sure that there are no unwanted accounts on it.
Enable Windows Firewall
A firewall prevents an external agent (hacker or even some software) from accessing your PC over the network. You should keep the Windows Firewall enabled, especially on private computers.
Go to Control Panel > System and Security > Windows Firewall > Customise Settings to configure the behaviour of the firewall on private and public networks.
Enhanced Privacy for Increased Security
As it is, Windows 10 is not the most privacy-conscious OS. It is a privacy concern that a lot of information on your system can be accessed by not only Windows but also third-party apps and services. Often, these apps have no business having access to this data and you should restrict this from the privacy settings in Windows 10.
These settings are similar to the permission model on iOS and Android. You can restrict specific apps from getting access to specific data. One standing concern is that, be default, all permission requests are granted and are set to ‘On’. You have to go and specifically turn off access to data or hardware.
Go to Settings > Privacy to check your privacy settings.
General privacy settings
- Advertising ID – It is used to tag all the information about the user and generate a profile that can be used to target ads. Leaving it on means you can be targeted in Windows or online with ads that you may like. Turning it off means that the ads may then be generic.
- SmartScreen – It is a filter for malware and it is better to keep it enabled. You can also disable SmartScreen from the control panel.
- Cross-device app access – If you want to let apps on your other devices open apps and continue from where you left off on this device, enable these settings.
- Location – Turn off location settings if you don’t want the apps to access any location data.
- General location – If location is enabled but a precise location is not available, information about the city, zip code or region might be used.
- Default location – Do you want to provide a default location to be used? Provide it here.
- Location history – History is built is location is on. You can clear it from here.
- Apps that use location data – Choose the apps that you want to allow access to your precise location.
Note that Cortana needs to know the location to offer some of the features. Turning off location completely may render some of the features unusable.
Camera, Microphone and Radios
Being hardware components, we recommend that the access to these should be strictly restricted. I don’t have a camera or a microphone attached to my PC, but according to the settings, open access was given to several applications.
Account information settings, Contacts, Calendar, Call history, Email and Messaging
Choose which apps can access this data as it is quite personal and no app should have unnecessary access to it.
Choose which apps should be allowed to run in the background when you are not actively using them. For devices running on a battery, reducing the number of background apps can conserve power and increase the battery life.
Feedback and Diagnostics
Microsoft can ask you feedback about the OS frequently or never, depending on your settings. Also, you can choose how much data about your device do you want to be sent to Microsoft. Unfortunately, this setting cannot be turned off. Your best option would be to set this to ‘Basic’.
Avoid Using a Microsoft Account and use a Local Account
Instead of using your Microsoft account on your PC, you can choose to use a local account. Even if you already have a Microsoft account, you can convert to a local account. If you use a local account, all the information about the device usage is private and local.
It is more secure and always accessible. Also, it means that your PC password and your online account passwords are different, and even if one is compromised the other one is safe.
The downside is that some of the apps need a Microsoft account to be used and your apps and data will not be synced across devices if you log in on multiple devices. Also, you can link your Windows activation key to your account so that you don’t lose your license.
Go Beyond Windows for Better Security
There are a few things that you can do to keep your Windows system protected outside of the features that Windows offers by default.
- Use a VPN
- Use a third-party Antivirus software – even Microsoft recommends it!
- Use a third-party Anti-malware software
- Secure your Wi-Fi network and Router
- Enable two-step authentication for your Microsoft account
- Restrict physical access to the computer as much as possible.
Got any other tips for better privacy and security on Windows? Share with us below.