Security and Windows 10

Everything you need to know about its new security features (and new concerns)

As users migrate to Windows 10, they – and you – will see improvements and new challenges. Perhaps the most significant change a new user will encounter switching to Windows 10 is its default settings and their lack of privacy.

Every new Windows 10 user should take some time to check out their privacy settings. You’ve got a lot of options, and with a lot of options comes a lot of opportunity to slip up.


Cortana, Microsoft’s virtual assistant, is a fun feature, but it is also relatively unfriendly to privacy. It collects information about your location, location history, voice input, search history, calendar details, content, and communication history from messages and apps. Fortunately, you can turn Cortana off. You’ll lose the benefits of your virtual assistant, but increase your privacy. Is Cortana worth the risk? Or is it better to err on the side of caution? The final decision is up to you, but be sure you fully understand what information Cortana monitors and shares.

Privacy settings

On a more granular level, Windows 10 lets you dig in and control a lot of privacy options, but unfortunately it defaults to information sharing rather than privacy. For example:

  • Windows 10 begins with your “advertising ID” turned on, which helps connect you with targeted ads. Prefer not to receive targeted ads? Turn this option off under your general privacy settings.
  • Windows 10 also defaults to tracking your location. Under your privacy settings, you can determine which apps can use your location information, if any, but you need to dig in and change those settings yourself.
  • Other privacy settings you should consider turning off: your webcam; your microphone, which you can set to allow certain apps like Skype to access; and account information. You can also disable the keylogger under privacy settings.
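
To check where a machine stands on the settings listed above without clicking through each page, the following read-only PowerShell audit is an added example and not part of the original article. The registry paths and value names are assumptions about where Windows 10 stores these per-user toggles (they can vary by build), and the "typing data" entry is assumed to correspond to what the article calls the keylogger.

```powershell
# Added example: read-only audit of the per-user privacy toggles discussed above.
# All registry locations below are assumptions and may differ between Windows 10
# builds; a missing value is reported as Unknown so it can be checked in Settings.
$consent = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore'

$checks = @(
    @{ Setting = 'Advertising ID';      Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo'; Name = 'Enabled'; Private = 0 }
    @{ Setting = 'Location';            Path = "$consent\location";               Name = 'Value'; Private = 'Deny' }
    @{ Setting = 'Webcam';              Path = "$consent\webcam";                 Name = 'Value'; Private = 'Deny' }
    # A global "Allow" here can still be narrowed per app (e.g. only Skype).
    @{ Setting = 'Microphone';          Path = "$consent\microphone";             Name = 'Value'; Private = 'Deny' }
    @{ Setting = 'Account information'; Path = "$consent\userAccountInformation"; Name = 'Value'; Private = 'Deny' }
    # Assumed location of the "send typing data" toggle.
    @{ Setting = 'Typing data';         Path = 'HKCU:\Software\Microsoft\Input\TIPC'; Name = 'Enabled'; Private = 0 }
)

function Get-PrivacyAudit {
    param([Parameter(Mandatory)] [object[]] $Checks)

    foreach ($c in $Checks) {
        # Read only; SilentlyContinue covers keys or values that do not exist.
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue

        if ($null -eq $item) {
            $current = '(not set)'
            $status  = 'Unknown'
        } else {
            $current = $item.($c.Name)
            # Compare as strings so DWORD 0 and 'Deny' are handled the same way.
            $status  = if ("$current" -eq "$($c.Private)") { 'Private' } else { 'Sharing' }
        }

        [pscustomobject]@{
            Setting = $c.Setting
            Current = $current
            Status  = $status
        }
    }
}

Get-PrivacyAudit -Checks $checks | Format-Table -AutoSize
```

The script changes nothing; rows marked Sharing or Unknown are the ones to review under the privacy settings described above.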

Many of the security best practices of the past remain best practices with Windows 10 as well. Be sure to:

  1. Stop the threats
    Start with the obvious: use an antivirus to prevent, detect, and remove all the different types of malware that have the potential to cause considerable damage to your systems and your data.

  2. Ensure safe web browsing
    We spend all day online, both at work and in our private lives. Hackers constantly find new ways to steal confidential information, spread malicious code, and more. Making sure you can browse safely should be priority one, on Windows 10 or any operating system.

  3. Keep computers patched
    Stay up to date. Attackers are constantly finding new exploits and ways to steal your data. By ensuring you’re up to date with the latest patches, you’ll plug potential leaks in your defenses. This is not just about your operating system – hackers also look to applications your browser loads to view media, documents, and other file types.

  4. Bolster your DLP
    Malware becomes quieter and more nefarious every day. Instead of noisy attacks, we now see criminal enterprises looking for ways to quietly steal your data. Bolstering your data-loss prevention (DLP) can help protect you, through processes like application management, device control, data policy control, and encryption.

  5. Manage user privileges
    You’ve got more options than ever to manage your user privileges. Network administrators can prevent users from making system-level changes without an administrator’s approval, better securing desktops from drive-by malware attacks taking advantage of users’ administrative rights. Authorize behaviors you know are safe and limit behaviors you know incur risk.

  6. Prevent security loopholes
    Users are more on the move than ever. With multiple devices in multiple locations, the opportunity for security loopholes is enormous. And, it’s getting harder to ensure that all of those devices, from laptops to smartphones, are set at the level of security you need. Whether your users are on their iPhone, laptop, or tablet, they’ll need up-to-date antivirus solutions and enabled firewalls.

  7. Educate your users
    No matter how safe you make a device, an uneducated user can still put your data at risk. A safe-computing policy should include rules that prohibit downloading or running executables directly from the internet or via email. It should also prevent your users from opening unsolicited documents and spreadsheets, or from playing computer games or using screensavers that did not come with the operating system. Even in a world where employees bounce from computer to smartphone to tablet all day long, there’s still a significant knowledge deficit among users about what behaviors are dangerous. Teaching them how to be safe can be just as important as installing the right settings or software.

Upgrading to Windows 10?

Using Sophos products and preparing to move over to Windows 10? Knowledgebase articles are available on the following products:

Sophos Mobile Control and Sophos PureMessage for Microsoft Exchange are unaffected by Windows 10.