Security tips for businesses using Windows 10
Windows 10 is the most popular Operating System (OS) in the UK today and offers many good built-in security features. Do they provide enough protection? And do the devices in your business have these security features enabled and configured correctly? Are there any additional steps can you take to protect your business?
Windows 10 offers many benefits to your business. The world’s most popular is flexible enough to operate large presentation screens along with handheld tablet devices. The familiar and intuitive layout means your teams can hit the ground running, even under stressful conditions like those we have experienced in recent years with the pandemic. The shift to cloud-based applications and storage solutions like OneDrive also makes it easy for everyone in your business to access data from home or on the go.
Another benefit of Windows 10 is its robust security offering. The OS offers many built-in security features like the Windows Defender suite of programs including Advanced Threat Detection, BitLocker and the Windows Defender Security Centre.
However, even if activated and configured correctly, these built-in security features can only offer so much protection. You may need more comprehensive protection than Windows 10 can offer out of the box. Your business must also adopt solid security practices to further increase its cybersecurity resilience, protect valuable data, and keep employees identities safe.
We talked about the many security threats faced by UK businesses in our previous article, Free guide to data backup and disaster recovery. When one of these threats becomes an unexpected and devastating reality, the result is often a data breach. Digital security breaches cost UK businesses billions of pounds every year.
“Cybercrime has a considerable impact on citizens and the Government, the main loser – at a total estimated cost of £21bn – is UK business, which suffers from high levels of intellectual property theft and espionage” – The Cost of Cyber Crime Report, 2018 (PDF, 1.5Mb)
In this article, we offer practical and effective security tips for protecting your business, its data and its people against today’s security threats.
Set strong password requirements
Many data breaches come as a result of stolen devices. In the age of working from home and working remotely away from secure office environments, this has never been more important.
Your business can have the most secure network, servers, and office building in the world, but if the devices your employees use aren’t protected to the same level, your data – and their identities – will be vulnerable.
The use of strong passwords is an essential part of protecting the security and identity of your business and its employees. Passwords are the weak point in systems and websites that cybercriminals actively target.
There are several factors to consider when creating secure passwords, including:
- Mixing lowercase, uppercase, numbers, and symbols
- Keeping passwords long
- Avoiding ‘keyboard patterns’
- Avoiding common, guessable passwords
- Not including personally identifiable information in passwords
It’s also important to change passwords regularly and avoid reusing the same password across different systems (including the Windows 10 user account) and websites. Passwords shouldn’t be shared either, of course.
Our previous article, Ultimate guide to password security, provides detailed information on creating secure passwords in your business
Setting a screensaver password is another important step in securing Windows 10. If people are stepping away from their computers at regular intervals, you need to make sure that no one will be able to access their devices.
Windows 10 requires that each user account is protected with a password. This would be considered minimal security. We recommend you require user accounts to be protected with biometric authentication like face or fingerprint recognition.
You should also enable multi-factor authentication (MFA) so your employees must provide a PIN that’s sent to their phone or email address or provide a random number generated using an authentication app like Authenticator.
You have the option of using Windows Hello for authentication in your business on newer devices. Windows Hello collects biometric data about users and uses it to verify the identity of the person attempting access to a device or file.
Active Directory and Azure AD
Active Directory (AD) is how users, customers, partners and devices authenticate to a Windows system and receive their rights for using it in different ways according to what permissions they have.
Azure Active Directory is Microsoft’s enterprise cloud-based identity and access management (IAM) solution. Azure AD is the backbone of the Office 365 system, and it can sync with on-premise Active Directory and provide authentication to other cloud-based systems.
Azure AD accounts are available for Office 365 Business and Enterprise customers and offer enhanced security for your business. You can use the Identity Secure Score page in the Azure AD portal to find gaps in your current security configuration to ensure you follow current Microsoft best practices for security.
If your business relies on AD, your disaster recovery plan should include information about all of the people and devices that access it. It should also include making backups of domain controllers on a regular basis and storing those in a completely separate network.
Ensure Windows Firewall is enabled
Windows Firewall is a built-in network security system. It’s designed to prevent unauthorised access to or from your private network.
In Windows 10, the firewall is enabled by default. But it’s worth checking that the firewall is active and cannot be disabled on the devices in your business.
Enable automatic updates for Windows
Security updates should be installed immediately on all Windows 10 devices. Some security patches are critical fixes for protecting you from a new type of malware or cyberattack.
There are many ways for your business to roll out updates to your Windows 10 machines. Windows Update for Business lets your IT administrator create a policy for deploying updates, for example. We recommend devising a deployment strategy for updates.
A Managed IT Support service will keep your systems and devices up-to-date, protected, patched, and secure, helping you avoid unplanned downtime, security breaches, and unexpected costs to fix issues and recover data.
Practice good software safety
Your employees should avoid (or be prevented from) installing any software from outside your workplace that is not approved or administered by your company. Unauthorised programs have the potential to create security vulnerabilities.
Windows 10 includes SmartScreen, a built-in feature that scans and blocks execution of known malicious programs. It can also notify Windows 10 users when they are about to visit suspicious websites and emails because it compares their reliability against Microsoft’s blacklist.
While SmartScreen can provide an extra level of protection against both phishing and malware attacks, it is also worth providing training to your Windows 10 users about good software safety. This will give them a complete understanding of the risks of trying to install unknown software, fonts, browser plugins, and so on.
Enable reliable antivirus protection
Windows Defender Antivirus (WDA) is Windows 10’s built-in, real-time protection against software threats like viruses, malware, and spyware across email, apps, the cloud, and the web.
In Windows 10, WDA is enabled by default, but it’s worth checking that this is always switched on and cannot be disabled. It is also worth considering if it covers all of your antivirus needs, as some businesses may require more advanced antivirus protection.
In a 2020 performance test, WDA performed decently, stopping 99.5% of threats. It was ranked 12th out of 17 antivirus programs, which isn’t great. There were also some issues with a recent update released by Microsoft that temporarily reduced the effectiveness of the protection offered by WDA.
WDA is a free tool and, like any other kind of software, you get what you pay for. We recommend purchasing a more comprehensive Internet security suite like Norton 360 or Bitdefender’s premium Total Security package.
Data storage and backups
The Windows 10 users in your business should use OneDrive for Business or SharePoint whenever possible instead of storing their work only on their local computer.
By saving your files on a cloud-based company resource, your employees can be more confident that their files are securely backed up and always available, even if their local device gets damaged or stolen.
Windows 10 comes with tools and features that make backing up your data easy. Your Windows 10 users can use File History to create file backups and use a storage-sync-and-share service to store their backups in the cloud.
Turn on device encryption
Device encryption ensures that data on your employee’s device is safe from unauthorised access should it be stolen or lost. With large numbers of people working remotely now and in the future, this is a vital security step to protect your business data and your employee’s personal information and identity.
BitLocker is Microsoft’s proprietary disk encryption software. Encryption encodes data on the Windows 10 device so only authorized users with the password can view, copy, or make changes. If the encrypted information were to be stolen, it would be unusable. Encrypting the entire drive also protects against unauthorised changes to the system, like firmware-level malware.
Encryption should be considered an essential, ‘best practice’ step in securing the Windows 10 devices in your business.
Provide comprehensive security training
As you can see, there are many steps to take in order to effectively secure Windows 10, and it isn’t always a simple task to implement. Certainly, you wouldn’t be able to squeeze all the required steps and information into an email.
That’s why we recommend that every company provides mandatory cybersecurity awareness training for any employee (whether they are using Windows 10 or not). This should provide information about security threats and the steps individuals should take to secure their devices:
- Password security
- Spotting suspicious links in emails, texts and on social media
- Using public WiFi for portable devices
- Safe web browsing
- Safe file sharing
- Online meeting security and privacy
- Avoiding tech support scams
This would also be an ideal forum to take your teams through your security policies and what to do in the event of a breach. You need to have clear reporting mechanisms for security issues. In the worst-case scenario, you want people to recognise the signs of a security attack and immediately report to the right person. They may even need to take action themselves to identify and contain the issue.
That’s why good security training is so necessary.
Need help ensuring your Windows 10 workstations are up-to-date, protected and secure?
We help businesses and organisations across Scotland to secure their Windows 10 devices, business data, and employee’s identities.
Our Managed IT service ensures you have complete protection against security threats and data loss. You get comprehensive network and device security, proactive 24/7 monitoring, reporting and alerting, leading antivirus protection, patch management and more – all with a personal, reliable service for one manageable monthly payment.
Contact us today to begin the conversation about your IT security.