Windows is undoubtedly the most popular family of operating systems for personal computers and laptops worldwide. It is used on home machines and corporate workstations alike, so the question of ensuring Windows user profile security is essential. This article provides some Windows computer safety tips we hope will be useful to you.
In order to understand how to protect Windows and what Internet safety measures are there, we must first understand what Windows security breaches are possible and widespread. Thus said, there are 10 major Windows security issues to keep in mind:
- Unpatched and outdated software.
- Lack of antivirus for Windows 7 or later versions.
- Disabled Windows firewall.
- Absent disk encryption and backups.
- Lack of minimum Windows security standards.
- Full access permissions for everyone.
- Weak passwords.
- Insufficient Windows security policy strength.
- Legacy software within the corporate network.
- Mobile access exploits.
Even this short breakdown of the main issues of Windows computer protection allows highlighting the massive problems any business can face if they prefer to leave the matter unattended. Luckily enough, there are multiple solutions for each of the aforementioned issues, and we will list them too.
1. Update Windows and Software Regularly
Disabling the automatic Microsoft Windows update is the easiest way to ensure the system won’t begin to upgrade while you are playing your favorite online game, yes. However, this is the shortest route for the hackers to get access to your system once they are inside the network. Still thinking that providing that full access to anyone was a great idea?
When you use only licensed and fully updated software, the risk of catching a virus is significantly reduced. Do you recall the 2017 Petya ransomware attacks in Europe? It turned out the major part of infestation was done through a security backdoor that was fixed by a Windows update released… 6 months prior to the attacks! If only the users had 10 minutes to download an install it…Instead, they either paid ransom or lost their sensitive data.
Enable automatic Windows updates
For Windows 7 update just go to your Windows control panel from the Start menu, there go to System and Security>Windows Update>Change Settings.
Then choose the time when you can spare about 15-30 minutes to download the Windows upgrade files, install them and reboot the computer — and rest assured your Windows system files are up-to-date. The same goes for all the software you use, as new vulnerabilities in multiple software and hardware tools are discovered daily, like these Meltdown and Spectre processor vulnerabilities.
Create a restore point
One of the best ways to secure Windows computers is to create a Windows restore point. Sometimes the new drivers are incompatible with some of your hardware, or update process may go awry, etc. There is a widely-known case when Windows 7 users have to download the outdated Nvidia drivers to play Heroes of Might & Magic VI, as any new version of the video drivers results in black screen. However, the consequences might be much more serious than the inability to play one of the best turn-based games of all times.
To create a system restore point on Windows 7 go to the Start menu, there to Control Panel>Systemand Security>System and go to System Protection tab. Press the Create button and choose the name for the new restore point.
Obtain a habit of creating Windows restore points from time to time, before installing the new computer software even if it’s computer security software. Make at least one restore point immediately after installing a clean Windows operating system, and rest assured you enabled one of the most efficient tools for security Windows can provide.
| Read also: Ransomware – to Pay or Not to Pay
2. Install Windows antivirus
This might seem ridiculous, but many people don’t bother with installing and configuring antivirus software for Windows until it’s too late and their computer is infected with viruses and spyware. How to protect your computer from virus attacks then and what is the best antivirus for Windows 7, 8, and 10?
A good antivirus software should include the features like:
- Email checker to block email malware,
- Net security screens to identify and drop dangerous Internet connections,
- Anti spyware module to ensure your Internet security
- Archive scanner to prevent executing malicious .exe files, etc.
These functions are available by default with the majority of antivirus software for Windows. The only difference is the fullness of the virus databases, the frequency of their updates and the range of options available towards the infected files. A really good antivirus must be able to identify the threat and disarm it, without damaging the file in the best-case scenario. However, such functionality is available only with the leaders of the market, which raises an obvious question — why opt for anything less than the best antivirus for PC?
There are many good examples of antiviruses for Windows, namely Dr.Web and Avast Antivirus. Kaspersky Lab was banned from use on the territory of USA and is increasingly considered more a spyware, than a virus protection software. Thus said, opting for either Dr. Web or Avast free virus protection ensures a decent degree of security for your PC.
As for Windows 10, one of the main questions about its security sounds like this: “Is Windows Defender enough, or should I install any additional antivirus for Windows 10?”
Windows Defender is a default antivirus software for Windows 8 and 10. It provides all the basic security options, runs quietly in the background and reminds about itself only when it detects a threat. Being maintained and updated by the Microsoft team, this is a decent all-around capable firewall protection and computer virus protection suit.
Unfortunately, Jack-of-all-trades cannot be an expert in anything. Windows Defender can protect your computer from spyware and various malware floating around, yet it cannot protect a Windows 10 laptop or PC from ransomware, malware and other highly sophisticated threats that are on the rise nowadays.
After all, it is strongly presumed that Kaspersky Lab products are spying after their users and provide much more admin access to your computer and data than they should. Thus said, we recommend opting for a paid version of a good antivirus for Windows 10, like Avast, ESET Nod32 or Dr.Web.
| Read also: Malvertising: Can It Be Stopped?
3. Enable Windows Firewall
Many Windows users have inexplicable hate towards Windows firewall — yet it is a highly useful feature that can block wireless intrusions, malware infiltrations, and other Windows security threats. Configuring the firewall protection might seem a daunting task, yet it must be only done once and you will enjoy the safety of mind and data security from that point onwards.
Windows 10 Firewall is actually a decent tool that protects your Windows PC against a wide variety of known Internet security threats. If you still prefer to stay away from Windows products — you can choose between several decent alternatives like Comodo Free Firewall and others.
4. Do Windows Backups regularly
Computers are great for storing information, yet they are not ideal. A hard drive might fail tomorrow, a fire can ruin the equipment, etc. In addition, burglars can steal your laptop leaving you devoid of personal data and obtaining the means for identity theft in the process. Do you have “autofill passwords” turned on and your banking accounts in the bookmarks? Well, there goes your money if the criminals obtain your device. Just never do that.
How to secure your personal data then? Regular backups help a ton with that task. There are three possible ways of doing Windows backups:
- Copying the content to external HDD/SSD drives
- Syncing the content with cloud backup services
- Storing all the important data in the cloud from the get-go
Copying your files to an external device is the cheapest and easiest way of doing a data backup, yet these devices must be stored offsite — in the office, at friend’s house or in the bank’s safe in order for such a backup to be efficient (and the questions of fires, earthquakes, and theft during commuting are still in place). File History tool helps to do this with Windows 8 and 10, while Windows Backup does the job for Windows 7.
Copying your personal data to the cloud using multiple online backup services like Backblaze, MozyHome or Carbonite ensures your files are always synced to the cloud, so losing an on-site device due to force-majeure or theft is now not so damaging. The only downsides include the fact that these services should be paid for and the backups usually last for no longer than 30 days.
The third way of enabling backups is storing all the essential data in your Google Drive, DropBox, iCloud or other cloud storage services. The downsides of this approach are the limited size of free storage available with such platforms, and the security considerations, as many naked celebrity photo leaks showed us. However, if you are not a movie star and are able to look after your passwords — your personal data will be absolutely safe with Google Drive or other cloud data storages.
As for data encryption, Windows BitLocker is provided by default with the latest versions of Windows. All you need to do is enable it in the control panel and it will quietly work in the background encrypting all the content of your Windows PC or laptop. As it encrypts the disk as a whole, you can no longer be afraid of losing your device or having it stolen — the criminals will not be able to get access to the encrypted data. As BitLocker does not require any additional configuration or installation, it is a very easy and reliable tool for ensuring your Windows security.
5. Follow strict security standards
This is especially applicable to company workers who are frequently working from home while commuting or from a business trip. Their Windows OS’s need to connect to corporate servers through public WiFi networks or via a 3G/4G/5G connection. The company must ensure such users leverage SSL access for their Outlook, a PPTP VPN connection for public networks or a WPA2-PSK protection for their home WiFi connection. Unfortunately, too many businesses care little about such cases — till the security breaches happen.
In order to prevent such damaging results, every Windows user must follow strict security standards when logging into their accounts over the public networks, from home or using the RDP (Remote Desktop Protocol) to login corporate network.
| Read also: Securing VPN with Two-Factor Authentication
6. Avoid enabling full access and separate the accounts
Windows system administrator account has supreme access rights to your system and personal data. Working under this account on your corporate workstation of from home is highly insecure. As a matter of fact, all user accounts must be set to Default security level in Windows User Access Control center, so each action that can involve altering the system settings must be approved by entering the administrator password.
The same applies to the access rights for shared files and folders. These should NEVER be put to full access, as there are many backdoors for malicious actors whenever they get FULL ACCESS to anything inside your corporate network.
7. Use strong passwords and two-factor authentication
We have mentioned this before, yet this is such an overwhelming problem (which has been around since dinosaurs), that this deserves a separate point of the list. Login/password combinations like Admin/admin, or 123456, or qwerty are too widespread. There is no excuse for such a situation — yet the people are lazy…
The only solution known so far is enforcing a strict password strength policy across the corporate network, along with enabling two-factor authentication for Windows login.
Read how to create strong passwords and remember all of them in the article How to Choose and Use Strong Passwords.
With Protectimus Winlogon – a two-factor authentication tool for Windows Login and Microsoft RDP protection, it’s very easy to set up 2-factor authentication on personal or corporate computers and protect remote access via RDP. It’s free up to 10 user accounts — more than enough for a small business or a startup with people working remotely.
8. Enforce strict Windows corporate security policies
Does your corporate workstation require a password-protected login via Ctrl+Alt+Del screen? Does it automatically lock the screen after 30 seconds of inactivity? Does it show the last username? Are you sure there is an audit logging for failed events (like failed login attempts) in place? These basic steps are easily configured through Active Directory Group Policies — are they enabled on your corporate machine, by the way?
As a matter of fact, Protectimus Winlogon 2FA tool can help with enforcing strict Windows corporate security policies too. It works well with corporate networks built on Windows Server 2012-2016 OS’s and easily integrates with Active Directory.
9. Drop legacy software for good
Legacy Windows OS like NT/Me/2000 are the goldmine of backdoor access points for a hacker. Even if these are absolutely crucial for running some legacy billing and accounting system in a bank, they put all the other systems in the network at risk. Truth be told, are these systems absolutely crucial in 2018?
Even if the costs of putting these legacy systems out of commission seems too high, keep in mind that these platforms are quite often the bottlenecks of your workflows. Just make the onsite or offsite backup of all the important data and rebuild the network without them. This will bolster both the network productivity and security levels.
10. Control the mobile access to your network
When 100% of the employees have mobile devices and can access the corporate network from them — both via WiFi and over the 3G/4G connection — the matter of ensuring the security becomes even more essential. There are certain weaknesses in any mobile devices phones (no matter if it’s iOS, Android or Windows phone) which must be taken into consideration when ensuring your corporate network security.
The best you can do is forbid using personal devices to access the corporate network and provide corporate laptops and smartphones for all the staff. Of course, it’s too expensive and not so many companies can do this.
But at least make sure that all the remote devices are connected to the corporate network via VPN, use two-factor authentication when accessing Windows via RDP, and regularly scan your network with packet analyzers like CommView, QualysGuard or OmniPeek.
| Read also: 10 Basic BYOD Security Rules
Final thoughts on 10 basic Windows Internet security tips
To sum it up, there are 10 essential threats to Windows security: outdated system and software, missing antivirus, disabled firewall for Windows, absent backups and disk encryption, weak Windows Internet security policies, working under administrator account and granting full access to shared files for everyone, using weak passwords, not enforcing strict corporate security standards, using legacy software and not controlling the mobile access rights.
However, by exercising caution and common sense, using free and paid security tools and following strict security guidelines every Windows user can ensure the safety and security of their personal and corporate Windows PC or laptop. Should you have any questions on the topic — please let us know in the comments below!
- 10 Steps to Eliminate Digital Security Risks in Fintech Project
- How to Protect Your Privacy on Facebook
- Man In The Middle Attack Prevention And Detection
- Top 7 Tips How to Protect Yourself from Phishing Scams
- Reddit was hacked: how it happened, who the victims were, and why SMS authentication failed