Privileged Access Management
Unified Endpoint Management
Email & Collaboration Security
Extended Detection and Response (XDR)
Powered by Heimdal Unified Security Platform
Managed Extended Detection and Response
24x7 SOC Services
Compliance & Data Governance
Start Free Trial
Let's get to it, shall we?
When installing Windows 10, you'll be prompted to either log into your Microsoft account, if you have one, or you can choose to use a local account.
If you choose to use a Microsoft account, you'll be able to synchronize some of your settings between your devices (if you have multiple laptops, PCs or mobile with Windows Phone, but also for your other online accounts, such as Skype, Xbox, Hotmail, Outlook or Office 365).
If you'd rather use a local account, you'll find that you're not as limited as you would've been on Windows 8 or 8.1. This is a good option if you only have one device you use Windows 10 on or if you want enhanced privacy.
Click on the Windows icon in the bottom-left corner. Go to the top of the window and click on the username (this can be either the local account or your Microsoft account).
Here, you'll find 3 options:
Change account settings
And Sign out.
Click on Change account settings to adjust detailed settings such as:
Billing info, family settings, subscriptions, security settings and more for your Microsoft account (if you chose to log in with it) - this setting will take you to https://account.microsoft.com/about, where you can manage all these details;
Sign in with a local account;
Choose a picture for your account or create one using your computer's camera;
Add other accounts to access email, calendar and contacts from; you have the following options:
You can also add another Microsoft account or a work or school account to your device:
From here you can also customize your sign-in options, such as:
Pick when Windows 10 should require you to sign in again;
Choose or change a password for your account;
Set up a PIN to use instead of passwords;
Set up Windows Hello to use biometric-based authentication, such as your fingerprint, instead of passwords;
Windows Hello helps address this challenge with a biometric alternative to passwords which provides enterprise-grade secure instant access to your Windows 10 devices* and Microsoft online services. Using just your finger print or even your face, Windows will greet you by name, providing a fast, secured, password-free way to log in.
Source: Security in Windows 10
Set up a picture password.
In the "Work access" section you'll be able to connect to your workplace or school account to get access to the data you have stored there.
In the "Family & other users" section, you can set up dedicated accounts for your kids or other family members, with settings of their own. Here, you can also create guest accounts with limited access, to keep your system and data safe from intrusion.
In the "Sync your settings" section, you'll be able to... sync your settings across devices (obviously). You can see, at a glance, what options you have and decide if and what data you want to make available on other devices you own that run Windows 10.
There's also another way to find the Account settings: Start > Settings > Accounts.
All Windows 10 versions.
If you choose to use a Microsoft account, you'll be able to sync settings such as: theme preferences, Internet Explorer settings, passwords, language preferences, Ease of Access and other Windows settings across devices.
However, if you chose to use a local account, you won't be able to sync settings and preferences across devices. Also, you won't have the possibility to install applications from the Windows Store, because it requires a Microsoft account to do so.
Set up an account that doesn't have administrator privileges to limit the damages that a potential malware infection can cause. Use a local account if you want to protect your privacy and send as little information to Microsoft as possible.
No matter which option you choose, we recommend setting a strong password for your Microsoft account or for your local account. Also, if your computer supports biometric authentication via Microsoft Hello, we highly recommend you start using it (today). Picture passwords are also a good way to enhance your security, so try out and see what works best for you.
For a more in-depth look at using user accounts on Windows 10, we recommend the following resources:
Should you use a local or a Microsoft account in Windows 10?
How to Set Up and Configure User Accounts on Windows 10
How to manage Microsoft and user accounts in Windows 10
This is your go-to section for security-related settings and more. Let's take a peek into what it can help you do.
You probably already got it from the name that this is the place where you get your system updates. And it's also where you can choose how to receive and install these updates.
Windows 10 has been criticized for limiting how users can manage Windows updates. The biggest change is that users can no longer selectively install updates. You get them all at once and they can actually be installed automatically or you can choose to be notified to schedule a restart.
You can choose to defer upgrades, but you'll still get security updates automatically (and that's a very good thing):
Some Windows 10 editions let you defer upgrades to your PC. When you defer upgrades, new Windows features won't be downloaded or installed for several months. Deferring upgrades doesn't affect security updates. Note that deferring upgrades will prevent you from getting the latest Windows features as soon as they're available.
Source: Defer upgrades in Windows 10
You may not be able to selectively install updates, but you can still see your full update history in the dedicated section:
And if you're an early adopter or just plain curious, you can check the "Get Insider Preview Builds" to be part of the first few who get updates and improvements for the OS.
Follow this path to find it: Start > Settings > Update & Security > Windows Update. Clicking on Advanced options takes you to the aforementioned options.
Well, in Windows 10, updates work by themselves. All you have to do is sit back and choose when to install them or just let them follow their course and install automatically.
If you really, really want to keep updates from installing automatically, there's a workaround, but we don't recommend it. Keeping your system up to date is crucial to your data's security!
Windows 10 will install operating system updates automatically, which is a great thing for your security. Keeping your OS and all your apps up to date is crucial for preventing malware infections and other cyber threats.
If you want to read more about Windows Update in Windows 10, check out these useful links:
What You Need to Know About Windows Update on Windows 10
How to Manage Windows Update in Windows 10
Windows Defender is a software that attempts to detect and remove malware from your Windows-based computer. Microsoft released Windows Defender as an antispyware program initially, but improved it and embedded it into the operating system starting with Vista.
In Windows 10, Windows Defender comes with real-time antivirus capabilities. Another benefit is that it's simple enough to use that anyone can enjoy its benefits. The software runs in the background, scanning your files and offering a basic level of protection for all Windows 10 users.
In terms of protection, you can't expect it to perform the way a paid antivirus would. Here is a snapshot of the analysis that AV-TEST performed in October 2015. On Windows 10, Windows Defender scored:
3.5/6 in terms of protection effectiveness
4.5/6 when it comes to performance
And 6/6 for usability.
Get there by following this path: Start > Settings > Update & Security > Windows Defender. Here, you'll be able to tweak the settings to your liking.
Windows Defender offers a primary level of protection for your PC by finding and stopping malware from running on your PC. You can also choose to enable Cloud-based protection and Automatic sample submission to send Microsoft data about malware samples. This helps improve your protection and enhances Windows Defender for all users as well.
Should you want it, you can select to add exclusions in Windows Defender, but this will make your PC more vulnerable, as those files won't be scanned (obviously).
When you open Windows Defender, you'll see that you can perform three types of scans: Quick, Full and Custom. If you choose to use Windows Defender as your antivirus product, we recommend doing a Full scan as often as possible.
If Windows Defender finds any malware or suspicious files, it will clean it up and quarantine the files automatically. Should this happen, you'll get a "Malware detected" notification or a "Detected threats are being cleaned" one.
In Windows 10, Defender will get automatic updates, which are delivered automatically via Windows Update.
In the History tab in Windows Defender, you'll see a list of quarantined items, allowed items and all detected items on your PC, if you're one to be curious about such details.
If you choose to use a different and more effective antivirus solution (highly recommended!), Windows 10 will automatically disable Windows Defender. That's because two antivirus solutions can't coexist on the same operating system.
All the options in Windows Defender will be grayed out and, when you try to open it, you'll get this message:
If you uninstall your antivirus of choice, Windows Defender will automatically turn back on and provide protection for your computer.
An important note is that you can also use Windows Defender offline:
If Windows Defender finds a virus it can't remove, it will prompt you to download and run Windows Defender Offline.
Once your download is complete, your PC will automatically restart into the recovery environment, where Defender will run a more complete scan of your system and remove threats.
Source: Using Windows Defender Offline
Use Windows Defender as a baseline antivirus to protect your system until you can find a more reliable antivirus solution. But please keep in mind that it can't ensure sufficient protection against advanced cyber threats, such as ransomware.
The following articles offer more in-depth advice on how to use Windows 10 or how to manage it to better fit your protection needs:
How to Use the Built-in Windows Defender Antivirus on Windows 10
What's the Best Antivirus for Windows 10? (Is Windows Defender Good Enough?)
Picking a Windows 10 Security Package
One of our favorite subjects is the constantly disregarded backup. There is no such things as too many backups, so we strongly encourage you to use this feature and some other backup systems as well.
Windows Backup provides a simple way to create a copy of your data on a connected disk drive (external storage device), so you can make sure that your data is safe if something happens to your computer. That something could be a malware infection, theft or physical damage, so don't believe it can't happen to you.
On Windows 10, the Backup option is extremely easy to use. It also provides a way to start your own backup routine to help keep your data backed-up over time. It's something you'll definitely thank yourself for!
There are two types of backups you can perform:
File History - useful if you want to back up your documents and other important files, and also the previous versions of those files. This way, you can recover older file versions if you need them
System image backup - this helps you create a full system image backup. You can perform a full system restore from this backup.
For more details on both these options, check out the recommended links at the end of this section.
As always, the Start menu is the place you want to begin with. The Backup option is also included in the "Update & security" section in your Settings app on Windows 10.
It's super easy to get started, so you really have no excuse for not doing it. Just select an external drive or a network location and then let the app do the work. According to Microsoft:
All set. Every hour, we'll back up everything in your user folder (C:\Users\username). To change which files get backed up or how often backups happen, go to More options.
Source: Back up and restore your files
Keeping at least one backup of your data is the best insurance you can get that your information will be available in case anything happens to your computer. It's recommended that you keep at least two back-ups of your data, one in the cloud and one on an external hard drive.
This small collection of links is exactly what you need to get step-by-step advice on how to back-up your data on Windows 10:
How to Use All of Windows 10's Backup and Recovery Tools
How to create an image backup in Windows 10 and restore it, if need be
How to use Windows 10's File History backup feature
You may find yourself in need to do a system recovery at some point. The cause could be one of the following, as presented by Microsoft:
By using your backup from a restore point, you can revert back to it to fix your potential issue.
In Windows 10 you get three different recovery options which give you different ways to do a system restore, either a full or a partial one.
Moreover, in case you upgraded to Windows 10, you'll have a month to change your mind and go back to a previous version of Windows.
This will keep your personal files, but it'll remove apps and drivers installed after the upgrade, as well as any changes you made to settings.
Source: How System Restore & Factory Reset Work in Windows 10
Go to Start > Settings > Update & Security > Recovery to start using any of the three options presented below.
In Windows 10, you have three options:
Reset this PC - this option lets you keep your files or remove them, and then reinstalls Windows;
Go back to an earlier build - if the Windows 10 build you have installed doesn't work for you, you can choose to go back to an earlier one;
Advanced startup - you can use a USB drive or a DVD to change the Windows startup settings, or restore Windows from a system image.
Backing up your data is one of the best things you can do for yourself, but knowing how to recover your data from backups is half of this process. Using the Recovery option offered by Windows 10 will help you save time and effort.
If you'd like to explore in detail each of the recovery options that Windows 10 features, these helpful resources will provide all the answers:
Recovery options in Windows 10
How System Restore & Factory Reset Work in Windows 10
How to Reset Your Windows 10 PC
Losing a device or having it stolen is one of the most terrible things that can happen to your digital life. We all know we shouldn't get so deeply attached to our laptops, smartphones or tablets, but we can't help it. Our stuff is on them and we need that stuff, either for work or personal purposes.
So it's a great thing that the "Find My Device" option was introduced in Windows 10. It works just like it would on a smartphone, if you're familiar with it. You can use "Find my device" to find your laptop if you misplaced it or if it was stolen (which we hope never happens).
This is a free service we recommend you enable (if you're not worried about Microsoft getting your location data).
The option is entirely new and Microsoft periodically gets your device's location so you can see where your laptop is. And, from our experience, its ability to pinpoint the exact place is quite good.
If you're worried about privacy issues, here is an excerpt from the Windows 10 Privacy Statement:
Examples of data we may collect include your name, email address, preferences and interests; location, browsing, search and file history; phone call and SMS data; device configuration and sensor data; voice, text and writing input; and application usage.
Source: Privacy Statement, Data We Collect
This is how to find the option on your device: Start > Settings > Update & Security > Find My Device.
First, in order to set up "Find My Device" you have to be logged into your Microsoft account and log in with administrator rights.
To change settings for Find My Device
Set up Find My Device to save your location every few hours so it's easier to locate your device. To change these settings, make sure you've already turned on the master location setting on your device and signed in on your device using your Microsoft account.
Sign in to your device as an administrator.
On your device, go to Start, then select Settings > Update and Security > Find My Device.
Turn the Find My Device setting on.
To find your device
Go to account.microsoft.com/devices. If you're prompted to sign in, use the same Microsoft account you used to sign in on your device.
Choose the device you want to find, and then click Find My Device.
You'll see a map with your device's location.
Tips from Microsoft:
Not seeing the latest location? Make sure you're signed in with the same Microsoft account as the administrator on your device.
Your device only sends its location if it's connected to Wi-Fi and has enough battery power.
Source: Find a lost phone or device
This feature can help you recover your lost or stolen computer, so it may be tremendously helpful when you least expect it. You'll have to trade off a bit of your privacy to do so (location data), but, in return, you can end up recovering your device when you most need it.
Leverage the "Find my device" option to keep your Windows 10 gadgets safe and locate them asap. These links can help provide more details on how to connect to your account and trace your device's whereabouts:
How to turn on Windows 10's Find My Device feature
Find a lost phone or device
BitLocker is a full disk encryption feature integrated into Windows 10 that you can use to protect your data by encrypting it. Using BitLocker is easy, because it's built into the operating system, so there's no need to use additional software to encrypt and decrypt your data.
BitLocker was first introduced to Windows Vista users and had been present on every Windows version ever since.
According to Microsoft:
BitLocker ensures that data stored on a computer running Windows Vista [in our case, Windows 10] remains encrypted even if the computer is tampered with when the operating system is not running. This helps protect against "offline attacks," attacks made by disabling or circumventing the installed operating system, or made by physically removing the hard drive to attack the data separately.
Source: Windows BitLocker Drive Encryption Step-by-Step Guide
Here's where it gets a bit technical, but bear with me. In Windows 10, BitLocker supports the XTS-AES encryption algorithm, which makes the encryption stronger. And there are also a few details that only apply to Windows 10 usage in companies, so, if you're interested, you can check out the details on the Microsoft website.
To find your encryption options, search for "control panel" in the search bar included in the Windows 10 taskbar.
Choose "System and Security":
And then go to BitLocker Drive Encryption:
BitLocker encryption is available on Windows 10 Pro and Windows 10 Enterprise.
As Microsoft says:
You can use BitLocker Drive Encryption to help protect your files on an entire drive. BitLocker can help block hackers from accessing the system files they rely on to discover your password, or from accessing your drive by physically removing it from your PC and installing it in a different one. You can still sign in to Windows and use your files as you normally would.
Source: BitLocker Drive Encryption
There are a few details you should go over before starting to encrypt your drive though, and we've collected them below.
Encryption is an important safeguard for both your security and your privacy. Keeping your data encrypted will help you protect it against prying eyes and malware attacks of all kinds. It may take a bit to set up your system, but it will be easier to maintain afterwards.
Ready to encrypt your hard drive and add an important layer of protection for your data?
The guides below will help you get set up and master BitLocker encryption like a pro:
How to enable BitLocker encryption without a TPM chip in Windows
How to Set Up BitLocker Encryption on Windows
Windows BitLocker Drive Encryption Step-by-Step Guide
This is a new feature integrated into the Windows Store. Long story short: every application distributed through the Windows Store has to be signed by either Microsoft or by a trusted vendor. This helps reduce the number of dangerous applications that can harm your data's safety or privacy from being sold or distributed through the store.
The Windows store in its actual form is rather new (it first appeared in this form on Windows 8). So the app vetting process is also recent. You may rush to compare it to the system that Apple uses for its App Store, but Microsoft's approach is probably not as thorough as Apple's.
However, this is a security layer that's more than welcome and that hopefully Microsoft will continue to build on.
You can find the Windows Store by clicking on Start > Store.
Once you find the app you need, scroll to Additional information and check:
The publisher's name
Its age rating (especially for protecting your children)
The type of permissions that the app requires
If it offers additional links for supplemental information.
Should an app cause you trouble, you can go to the app's page in the Windows Store and report it to Microsoft, so they can take the appropriate measures.
Microsoft or trusted vendors verify the app so that it meets the Microsoft Store security standards. Only after that will they allow it to show up in the store for distribution or sale.
In order to download or buy apps from Windows Store, you'll need to log in with your Microsoft account.
By knowing which details to check in the Windows Store, you'll be able to avoid installing rogue apps and thus giving cyber criminals a way into your computer. Also, the filter put in place by Microsoft will help keep you protected from most malicious apps.
There is not that much information out there about Trusted Apps in Windows Store, but this might help fill in some blanks:
Top Windows 10 Security Features Explained
According to Microsoft, SmartScreen Filter is a technology embedded into the Windows Store and in Microsoft Edge that helps protect you against phishing attempts.
SmartScreen has been around since Windows 8, so there's not much new about it. Read below for more information on how it works.
You can turn the SmartScreen Filter on and off by going to Start > Settings > Privacy > General. There, you can "Turn on SmartScreen Filter to check web content (URLs) that Windows Store apps use."
Remember that SmartScreen Filter is also embedded into Microsoft Edge. Here's how to find the option in Microsoft's latest browser. Follow this path: Edge > Settings > Advanced Settings and turn on "Help protect me from malicious sites and downloads with SmartScreen Filter."
According to Microsoft, here's how SmartScreen kicks into action:
As you browse the web, it analyses webpages and determines if they have any characteristics that might be suspicious. If it finds suspicious webpages, SmartScreen will display a message giving you an opportunity to provide feedback and advising you to proceed with caution.
SmartScreen Filter checks the sites you visit against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen Filter will show you a warning notifying you that the site has been blocked for your safety.
SmartScreen Filter checks files that you download from the web against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen Filter will warn you that the download has been blocked for your safety. SmartScreen Filter also checks the files that you download against a list of files that are well known and downloaded by many Internet Explorer users. If the file that you're downloading isn't on that list, SmartScreen Filter will warn you.
Source: SmartScreen Filter: frequently asked questions
Even though you may find the SmartScreen Filter annoying at first, it's really useful to have it on. We suggest you keep it activated for potential malicious apps that might try to install themselves on your computer.
If you're curious to read more on the SmartScreen Filter, here are two resources to help you achieve just that:
What is the SmartScreen Filter & How Does it Work?
SmartScreen Filter: frequently asked questions
Microsoft Edge is the default browser in Windows 10, and its role is to replace Internet Explorer on all devices in the Windows ecosystem.
Edge claims to be a rather safe browser, because of the various integrated security settings and because it limits add-ons and plugins that can have a potential harmful impact.
Bottom line: quite a lot. We won't get into the details of all the behind-the-scenes action here, but we'll mention some security aspects that you may find useful.
Microsoft Edge no longer supports the extensions VML, VB Script, Toolbars, BHOs or ActiveX. For non-techies, this means that Edge is more secure because it gave up on using some technologies that were often exploited by cyber criminals.
Edge also features increased protection against code injection, which is essential to protect against a large part of cyber attacks that target browsers (more details in this Microsoft blogpost).
The new Microsoft Edge also includes the SmartScreen Filter feature that we mentioned earlier, which is meant to protect users against phishing.
What's more, Edge constantly runs in a partial sandbox. Sandboxing is a technique used in security to run a program in a controlled and contained environment, so it can't affect other apps or data.
Java is not supported in Edge, but Adobe Flash is and let's not forget that Flash was one of the most vulnerable and exploited plugins in 2015.
Yes, Adobe Flash is supported as a built-in feature of Microsoft Edge. We continue to work closely in partnership with Adobe to provide this version of Flash, which we support and service via Windows Update.
Source: Microsoft Edge FAQ
Just go to the Start menu and you'll find Edge in the "Life at a glance" section, as Microsoft chose to name it.
Using Microsoft Edge can actually be safer than using Firefox or Chrome, as it doesn't support vulnerable plugins. It can also be protected with an additional security product which has web filtering capabilities and a VPN for enhanced privacy.
Protecting Microsoft Edge against binary injection
3 Security Features in the Microsoft Edge Browser that We Love
A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent...
Microsoft Edge Brings Bigger, Badder Security to Windows 10
Cyber criminals knew Windows 10 was coming and they've prepared for it. The new operating system brought some improvements in terms of security and some changes, but the most vulnerable applications continued to exist.
The most targeted applications you may be using on Windows 10:
Adobe Acrobat Reader
Adobe Flash and Flash plugin
It's no wonder that cyber criminals are keeping up with the times and adapting to Windows 10's specific elements.
In November 2015, our team at Heimdal Security picked up and analyzed a new variant of the infamous banking Trojan Dyreza.
The results of the analysis show that the info-stealer malware now includes support for Windows 10. This new variant can also hook to Microsoft Edge to collect data and then send it to malicious servers.
Moreover, the new Dyreza variant kills a series of processes linked to endpoint security software, in order to make its infiltration in the system faster and more effective.
The cyber criminals behind Dyreza often spread the malware via "spray & pray" spam campaigns, which are sent to random recipients.
Source: Security Alert: New Dyreza variant supports Windows 10 & Edge
Threats such as ransomware, banking Trojans and data-stealing malware won't go away just because a new OS is released. That's why it's important to know and adjust your security settings to counteract their malicious tactics.
And you're certainly interested in solutions, which we're very keen on offering.
Even if it claims to be "the most secure Windows" to date, Windows 10 is surely not impenetrable against cyber attacks. That's why you need additional applications to keep your data and confidential information safe.
There are 5 categories of security-related products we recommend you install:
Windows Defender can only offer baseline protection, but you need much more than that. Choose a reliable and strong antivirus product that's placed in the top 5 recommended AVs by experts (independent ones, if possible).
And because we know it's a difficult choice to make, here's a guide to help you pick the right one for your: What Is The Best Antivirus For My PC? A Step-By-Step Research Guide.
Antivirus can't provide 100% protection against malware or other cyber attacks. In fact, no security solution can. But if you use complementary solutions, then you can increase your protection against cyber criminals and their malicious tools.
If you're unsure why antivirus is really not good enough, here's a recommended read to help you see the big picture: Is Antivirus Dead? Meet The NextGen Anti-Hacking Tools.
You can't have strong security without strong passwords. And it's very often an aspect that users neglect. So much so that the most used passwords in 2015 probably make cyber criminals laugh.
We've all used the same password more than once, there's no shame in admitting it. But it's crucially important to stop doing it, for your online safety. If attackers break one of them, they will get into all of your accounts.
Here's a top 5 of reaaaally bad passwords that I hope will make you change your ways:
So we're obviously not good at passwords, which is why it's great to have some help. Here's a step-by-step plan to help you boost your password security:
Password Security 101: How to Manage Your Credentials Like an Expert in 8 Easy-to-Follow Steps
Encryption is all the rage right now, with talks around it spanning from government to private users. What we know is that encryption is necessary and very useful to protect our data from prying eyes or malicious attempts. Of course, we have to make sure it's done right.
If you don't want to use the built-in BitLocker encryption that comes with Windows 10 (the Pro edition), then there are plenty of alternatives. Here's a guide to help you choose the right encryption tool for you:
9 Free Encryption Software Tools to Protect Your Data
Data backups are exactly like washing your teeth before you go to sleep: you know they're good for you and you should do it more often, but you just can't seem to find the motivation.
With ransomware and other data-stealing malware out there, backups can be life savers! And the same goes for accidentally damaging your computer, having it stolen or what else could happen.
So do yourself a big favor and start a backup schedule. You can either do it using the backup tool integrated in Windows 10, or you can choose one of the many options available on the market. Or, even better, you can do both!
How to back up your computer - the best advice in one place
We hope that our comprehensive guide on Windows 10 security and privacy proved to be helpful. And to make it easier for you to put the advice into practice, here's a free and downloadable version of our guide. Save it on your device and check it whenever you feel the need.
Upcoming LIVE Webinar: Putting the Value in VAR - Your Catalyst to Revenue Generation (October 5th, at 11AM CEST)