How to Manage Top Security Threats in Windows 10
For companies just making the move to Windows 10, it’s worth tackling the basics before moving on to more strategy-driven protection. Start with:
- Handling user accounts and identity — Deploying a combination of tools such as Microsoft Passport, Windows Hello and Microsoft Azure Active Directory helps limit potential use risk. Passport provides a multifactor password alternative, while Hello deploys biometrics and Active Directory takes identity and access management (IAM) into the cloud. Cavalancia makes it clear that “bad guys can’t do anything without credentials.” Leveraging Windows 10 tools to implement least-privilege protocols confounds most cybercriminal attacks.
- Securing physical devices — Here, it’s a good idea to implement UEFI Secure Boot and create a Windows 10 save point. Secure Boot helps maintain OS integrity by preventing hardware-based malware installations, while save points provide a safety net if new application installations go south.
- Protecting critical data — Microsoft BitLocker empowers configurable disk encryption, while Enterprise Data Protection tools permit integrated data separation and containerization along with file-level encryption to defend data at scale.
- Detecting new threats — Microsoft Defender tools, including Device Guard, allow businesses to lock down desktops and devices and compel applications to prove their trustworthiness, while the Windows Defender Security Center makes it easier for IT teams to control firewall, anti-virus and anti-malware solutions.
MORE FROM BIZTECH: Learn about Windows 10 LTSC and whether it's right for your business.
Windows 10 Implementation Guide: Cybersecurity Best Practices
Approach is everything. Even with the best tools available, businesses need to implement security best practices that align with both organizational goals and existing technology deployments.
First, define your update schedule. For business IT departments, there’s a tendency to avoid immediate updates in case the latest Windows version causes problems for current deployments — but waiting too long puts critical data at risk. Best bet? Find a middle ground. As noted by ZDNet, the Windows Update for Business lets IT teams defer quality updates for 30 days and feature updates for two years. Settle on a schedule that works for you — between seven and 15 days is often enough time to ensure there are no compatibility issues — and then stick to it.
It’s also a good idea to “look for ways to enhance existing security with Windows 10 integrated solutions.” While third-party tools can help address specific concerns, limiting the number of interlocking technologies on your network also limits the number of potential gaps.
Finally, Cavalancia recommends that businesses “always, always, always think about security as a layered defense.” No single solution provides complete protection. By regularly assessing their security posture, companies can find critical weaknesses and identify the best solution — Windows or otherwise — to increase overall protection.