Windows 10 comes with tons of great features for your business, including privacy and security tools for hardening your computer. This guide gives you our top tips and best practices for securing your computer and business operations. Many of these tips are pretty straightforward, free, or even seem deceptively simple. But together, these give you the essential cybersecurity tools and best practices for Windows 10 computers at your business.
Features that someone might consider “convenient” for everyday use can, unfortunately, make it easy for hackers to access your PC. For computers with access to large customer databases or government systems, optimizing your security settings is a critical task. Failure to properly secure your computer can leave you exposed and at risk of cyber-attacks by bad actors. Businesses looking to mitigate risks on the employee and organizational level should get compliant with industry standards and frameworks like SOC 2 and ISO 27001 because they were designed to help companies demonstrate and prove their commitment to security.
These days companies develop information security policies, which set guidelines and communicate anything employees are responsible for doing. If your business uses Carbide’s app to manage your infosec program, you can sign in and review your company policies. It’s simple to check any procedures in our guide below that you should follow.
So let’s look at these tips to set up your computer to protect yourself and your data.
10 Security Tips to Harden Your Computer and Protect Your Business
How Can You Harden Your PC?
Hardening your Windows 10 computer means that you’re configuring the security settings. This reduces opportunities for a virus, hacker, ransomware, or another kind of cyberattack. Our guide here includes how to use antivirus tools, disable auto-login, turn off remote access, set up encryption, and more.
You can think about security for your computer (with all your personal, financial, or company data), much like you’d think about security for your house. Hardening your PC is like you’re closing the doors and checking the locks. You want to make it harder for hackers to break in.
It might be convenient to leave the front door to your house unlocked or even open all the time. That way, you could avoid the hassle of carrying keys or even bothering with doorknobs. But doesn’t that go against the common sense we live by every day? We learn at a young age to close the door and lock it when we leave.
Leaving your door wide open is like an invitation for anyone to walk into your house. You’d make yourself an easy target for burglary.
Guide for Security Best Practices for Windows 10
Many of the settings or features we have on our computers function like “doors.” There are several different entrances and ways to access your PC as if they were doors that you could close and lock. Or doors that you can leave wide open, leaving your house vulnerable, so anyone can walk in and do whatever they want with your computer and personal data.
Access to your computer means they could steal or erase your data. They can encrypt your hard drive with ransomware and threaten to wipe your data unless you pay a ransom fee. They could install malicious code that corrupts your entire system. Or they could connect to all the computers in your company network and cause widespread damage to your business.
You can use the security best practices below like a checklist for hardening your computer. With a couple of changes from the Control Panel and other techniques, you can make sure you have all security essentials set up to harden your operating system.
PC Hardening Guide: Protect Your Windows 10 Computer from Hackers, Viruses, Ransomware, and More
1. Disable Windows 10 automatic login.
This is one of the first settings that you should change or check on your computer.
When you first set up a new PC with Windows 10, you create a user account. By default, your new account is set to log in automatically at startup. If you’re at home all the time or don’t have access to any sensitive data, then this might not be a problem. But it can create a serious security risk if anyone can open your computer, then immediately get access to your data and company systems. This is especially important if you travel with a laptop, bringing it with you to places like a coffee shop, airport, or open co-working spaces.
Depending on the security policies at your company, this may also be something your employer requires.
It is easy to disable, so in only a few steps, you can turn off auto-login. Get the steps here: How to Disable Automatic Login in Windows 10
Bonus tip: If you do travel with your laptop or work from public places, you may want to get a privacy screen protector. Those can make the screen look dark to keep a criminal from “shoulder surfing” and seeing your private information. Privacy screens can also reduce glare and make the screen easier on your eyes, another reason to get one.
2. Set a password with your screensaver.
There’s no reason someone in your office, home, or travel location should be able to access your system if you step away for a few minutes. It’s a good idea to make sure your PC automatically locks after a set period of inactivity.
While it’s actually a security setting, you’ll find it inside the “Appearance and Personalization” section within your Control Panel. You can turn this on when you adjust your screensaver settings. It’s easy to choose the time until a screensaver displays, set the screen saver, and turn on the setting that brings you back to the login screen when you come back.
Security starts with following the most basic protocols. So make sure you password protect your PC.
Get the steps for password protecting your PC after a screensaver here: How to Set a Windows Screen Saver Password
3. Turn on your firewall.
In recent versions of Windows operating systems, including Windows 10, your firewall is enabled by default. Easy enough! You’re probably all set here. But it doesn’t hurt to check your settings to make sure your firewall wasn’t turned off.
Windows Firewall is a built-in network security system. It’s designed to prevent unauthorized access to or from your private network.
Network firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet would pass through the firewall, which examines each message and blocks any that don’t meet the specified security criteria.
If you want to check the settings for your Windows Firewall, we have instructions for you here: How to Turn on the Firewall in Windows 10
4. Disable remote access.
In Windows 10, you have the Windows Remote Desktop feature that allows you (or others!) to connect to your computer remotely over a network connection. Remote access allows someone to control everything on your computer as if they are directly connected to it.
Unfortunately, hackers can exploit Windows Remote Desktop. In more than one cyberattack, criminals have gained or tried to gain control of remote systems, installed malware, or stolen databases full of personal information.
By default, the feature is disabled. Once enabled, however, it’s easy for you to disable it again. You want to keep the remote access feature turned off, except when you are actively using it.
We have the steps you need to turn off remote access in Windows 10 here: How to Disable Remote Access in Windows 10
5. Enable or install antivirus protection tools.
You can prevent viruses and malicious code using your built-in tools in Windows 10. You can also install additional antivirus software if you need to (we have some of our favorites listed inside Carbide’s Marketplace).
Enterprise editions of Windows 10 include Windows Defender Advanced Threat Protection, a security platform that monitors endpoints such as Windows 10 PCs using behavioral sensors. Microsoft’s SmartScreen technology is another built-in feature that scans downloads and blocks the execution of those that are known to be malicious.
Learn more about enabling your Windows 10 antivirus tools here: How to Check for Viruses Using Built-in Tools in Windows 10
6. Enable auto-updates for your operating system.
You should install urgent security updates right away. Some Carbide patches are critical fixes for protecting you from a new type of malware or cyberattack.
Your company may have a security policy about updating your operating system too. You’ll want to see if you’re supposed to install updates right away, or if your IT team will tell you when you should install updates. Depending on your company, your IT team may be responsible for updating your operating system.
Ultimately, don’t be that person who ignores operating system updates for critical security patches (even if you heard about a design change that you might not like). Microsoft does keep it relatively simple by setting up two different types of updates: quality updates and feature updates. They’ve also long kept a schedule for updates, known in the IT world as Patch Tuesday.
Is your business running on an older version of Windows? Make sure you upgrade your operating systems before they become a security nightmare. Support for Windows 7 ends in January 2020, which means anyone still using it (or an older OS!) will be at risk for new malware or virus attacks.
See more about enabling auto-updates here: How to Enable Auto Updates in Windows 10
7. Set up file backups.
Routine file backups are essential for protecting yourself from losing important data if you have a sudden hard-drive failure or your PC gets a virus. Windows 10 comes with tools and features that make backing up your data easy.
- You can use File History and other free tools in Windows 10 to create file backups.
- You can create a recovery drive to restore your system from an image backup.
- With a storage-sync-and-share service, you can put your backups in the cloud. These are easy to set up, especially some of the most popular ones like OneDrive, Dropbox, or Google Drive.
For large companies, or even startups and small businesses, file backups are critical for recovering from a cyberattack incident or disaster. After the devastating cyberattack known as NotPetya, system backups were crucial for recovery when malware crippled the IT systems of multiple global companies and government agencies.
Start simple and see how you can use the built-in File History tool: How to Set Up File Backups in Windows 10.
8. Turn on encryption.
BitLocker is Microsoft’s proprietary disk encryption software, included with Windows 10. Encryption is a security technique that might sound intimidating, but in this case, it is as easy as clicking “Turn on BitLocker.” BitLocker has you set a password, gives you a recovery key, and shows you an option to “Encrypt Entire Drive.”
Encrypting your data with BitLocker is free, and you don’t have to install anything. Encryption encodes your data so only authorized users with your password can view, copy, or make changes. If your encrypted information were stolen, it would be unusable. Encrypting your entire drive also protects against unauthorized changes to your system, like firmware-level malware.
Encryption is a best practice, commonly included in company security policies, including Carbide’s infosec app for businesses.
See our full instructions here to enable BitLocker encryption: How to Encrypt a Hard Drive in Windows 10
9. Set up your user accounts.
How you set up accounts on your computer helps secure your device from the start. If you don’t have an IT department telling you what kind of account to set up, it’s up to you to decide between using a local account or a Microsoft account. Using a Microsoft account has several benefits since you can enable two-factor authentication, sync your data, and get options for password recovery. There are even more options and security features for accounts using Azure Active Directory (including central management) if your business is set up with a custom domain.
You can also set up multiple accounts with different levels of permissions:
- Administrator Account: The first account on a Windows 10 PC is a member of the Administrators group and has the right to install software and modify the system configuration.
- Standard Account: Additional accounts can and should be set up as Standard users. You can use a Standard user account for your regular use, which limits access to the Administrator account, preventing a nontechnical user from inadvertently making changes to your system or helping block an unwanted software installation.
- Guest Account: By default, a Guest account has a blank password. Since the Guest account provides anonymous access to your computer, it is a security risk, and it is a best practice to leave the Guest account disabled.
10. Set up a password manager.
If you frequently forget the email you used to sign up for an account or your password, you’ll LOVE using a password manager.
Windows 10 and your browser may have some features for saving passwords, but a best practice in the infosec world is to use a dedicated password manager. It’s like upgrading from a tiny safe in your house to a vault in a world-class bank.
Password managers have you create a master password for your “vault” of sensitive accounts and login information. The best ones can automatically add new passwords, sync with your phone and computer, generate and autofill strong passwords, and let you share a specific password with coworkers or friends.
As hackers are getting better and better at stealing or cracking passwords, technology companies are forcing us to make our passwords stronger and more complicated. That also means more people start re-using passwords. But if one password is stolen in a data breach, that password could then give nefarious actors access to multiple accounts with your personal, financial, or professional information.
You might have heard of password managers like LastPass, 1Password, Keeper, or Dashlane. There are more. Pick one that looks good to you and start using it. Several password managers, like LastPass, offer a free version that will give you all the basic tools you need. We have some of our favorites listed in Carbide’s Marketplace too.
Your company may also have a required password management software, with an administrator who will create an account for you. Whatever your company policies say about password strength or storage, you’ll want to make sure you’re following that standard.
Check out our guide on password managers here: How to Use a Password Manager
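To confirm the machine-checkable items on this checklist (tips 1 through 6, 8, and 9) without clicking through each settings screen, here is a read-only PowerShell audit. It is an added example, not part of Carbide's guides; the function names Get-RegValue, New-Result, and Test-HardeningChecklist are made up for illustration, and it assumes an elevated Windows PowerShell session on Windows 10.

```powershell
# Added example: read-only audit of tips 1-6, 8 and 9. Run in an elevated
# Windows PowerShell session; the helper and function names are illustrative.
function Get-RegValue($Path, $Name) {   # $null when the key or value is absent
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}
function New-Result($Tip, $Check, $Pass, $Detail) {
    [pscustomobject]@{ Tip = $Tip; Check = $Check; Pass = [bool]$Pass; Detail = $Detail }
}
function Test-HardeningChecklist {
    # Tip 1: AutoAdminLogon=1 means Windows signs in without prompting.
    $auto = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'AutoAdminLogon'
    New-Result 1 'Automatic login disabled' ($auto -ne '1') "AutoAdminLogon=$auto"
    # Tip 2: per-user value, so this reflects the account running the script.
    $secure = Get-RegValue 'HKCU:\Control Panel\Desktop' 'ScreenSaverIsSecure'
    New-Result 2 'Screen saver requires sign-in' ($secure -eq '1') "ScreenSaverIsSecure=$secure"
    # Tip 3: every profile (Domain, Private, Public) should be enabled.
    $off = @(Get-NetFirewallProfile | Where-Object { "$($_.Enabled)" -ne 'True' })
    New-Result 3 'Firewall on for all profiles' ($off.Count -eq 0) "Disabled: $($off.Name -join ', ')"
    # Tip 4: fDenyTSConnections=1 means Remote Desktop connections are refused.
    $deny = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
    New-Result 4 'Remote Desktop disabled' ($deny -eq 1) "fDenyTSConnections=$deny"
    # Tip 5: reports Defender only; a third-party antivirus shows up as a failure here.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        New-Result 5 'Defender real-time protection on' $mp.RealTimeProtectionEnabled "AntivirusEnabled=$($mp.AntivirusEnabled)"
    } catch { New-Result 5 'Defender real-time protection on' $false "Unreadable: $($_.Exception.Message)" }
    # Tip 6: NoAutoUpdate=1 is the policy value that turns automatic updates off.
    $noAU = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' 'NoAutoUpdate'
    New-Result 6 'Auto-updates not disabled by policy' ($noAU -ne 1) "NoAutoUpdate=$noAU"
    # Tip 8: the cmdlet is missing on editions without BitLocker, hence the catch.
    try {
        $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        New-Result 8 'BitLocker protecting system drive' ("$($bl.ProtectionStatus)" -eq 'On') "VolumeStatus=$($bl.VolumeStatus)"
    } catch { New-Result 8 'BitLocker protecting system drive' $false "Unreadable: $($_.Exception.Message)" }
    # Tip 9: the built-in Guest account always has a SID ending in -501.
    $guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
    New-Result 9 'Guest account disabled' (-not $guest.Enabled) "Guest name: $($guest.Name)"
}
Test-HardeningChecklist | Format-Table -AutoSize
```

The script changes nothing on the machine. Any row with Pass set to False points back to the numbered tip to revisit, and settings enforced through your company's group policy may live in other registry locations than the ones read here.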
Harden Windows 10: Close the Doors and Check the Locks
You might think a lot of security advice for users boils down to “don’t be dumb.” Use strong passwords. Be careful about the links you click and watch for phishing or scam emails in your inbox. Only download or install software from sources you trust. Don’t leave doors open or your operating system vulnerable to hackers.
Yet, these myths about security are why companies need security policies as the foundation for an infosec program. You want to make sure you know what your company holds you responsible for doing. Management, even at a startup or SMB, needs to make sure they’re clearly communicating the expectations about security and protecting company data to employees.