Microsoft’s Windows 10 is rapidly replacing older operating systems in both personal and professional environments. As with any OS, however, there are several key things you need to know upfront. The addition of unique advertising IDs that inject Microsoft ads into your browser, recommended express privacy settings and cloud syncing of personal information can inadvertently overshare your sensitive data if you don’t take precautions.

Nine Tips to Stay Secure

Here are my top nine tips to help you maintain the appropriate level of privacy and security with your own Windows 10 installation.

1. Turn Off Ad Tracking

By associating a unique advertising ID with each account, Microsoft collects information to create personalized ad experiences across platforms. While that sounds good in theory, it is borderline creepy in practice. These ads will follow Windows 10 users from one device to another.

To disable the feature, go to the Privacy Settings menu and turn off General > “Let apps use my advertising ID for experiences across apps.” If you want to get rid of ads following you around on your browsers, head to Microsoft’s advertising opt-out page. You will also have to adjust your Bing account settings on the web to clear your Cortana history. If you’d like to disable built-in ads for Microsoft’s cloud service, navigate to View > Options in File Explorer. Scroll down and turn off the option for “Show sync provider notifications.”

2. General Annoyances

You should always use the custom setup install. The latest Windows has some really lousy default express settings for privacy, such as automatic hotspot connection, bad personalization and browser protection choices, error reporting and location awareness assumptions. You can always change these later, but why start out aggravated? Also, if you can choose the Pro version rather than Home, you can make changes to your individual policy settings using the GPEDIT.MSC tool, which is installed on the former but not the latter.

One more thing: You’ll find the Active Hours in the Settings menu, under Update & Security > Windows Update > Change Active hours. You can only designate up to 12 hours as active. Windows will not restart your device to install updates during these hours.

3. Avoid Edge Browsing

Microsoft’s Edge browser has gotten some big improvements, such as plug-in support and ad blockers, in the latest build. However, unless you are an absolute Microsoft fanboy, you should stick with another browser. “Microsoft is getting closer to providing a browser on Windows that could convince many to switch from Chrome,” according to The Verge. However, reports show that Edge is still not very secure.

4. Do You Really Need Cortana?

Speaking of which, with Anniversary Edition, you can’t turn Cortana completely off, because it now encompasses both desktop search and the personal digital assistant. But there are some things you can do to protect your privacy, depending on how much you want to use voice commands on your PC. If you navigate to Settings > Privacy > Speech, inking and typing menus, you can click on the “Get to know you” box to turn this off. Of course, this means the system won’t learn your voice commands.

5. Lock Screen Security

A set of features added to Windows for convenience might be a security issue,. For this, you want to visit the settings that affect the lock screen that you see when you first boot up your PC. To make it more secure, open the Settings menu and go to System > Notifications & actions and turn off “Show notifications on the lock screen.”

You’ll also want to go to the Settings screen > “Use Cortana even when my device is locked” and turn that off, and turn off the setting that lets Cortana access your calendar, email, messages and Power BI when your device is locked.

6. Turn Off Location Services

When you first set up Windows, it asks if you want to turn location services on globally. If you go into the Settings > Privacy section, you will see a set of choices for more granular control over location services. You can enable it for your login account and particular apps, and also clear location history on your PC.

7. Make Sure Defender Is Running

If you use Defender, make sure it is still running. Defender will turn itself off if it detects a third-party antivirus tool. You can check its status under the Update and Security settings. It sometimes forgets to turn itself back on — or takes a few days to remember — if you remove the other tool.

8. Enable Smart Screen

The one express setting that you probably want to leave turned on is Smart Screen, which is Windows’ method of protecting you from potential harm inflicted by unrecognized apps. It actually has three choices that you can revisit when you bring up System and Security > Security and Maintenance controls. To force admin approval before running these apps, just bring up a warning dialog box, or turn it off completely. You’ll probably want to leave it on the most restrictive setting.

9. Additional Steps

There are a number of other settings to consider adjusting. For example, you can limit which particular apps can access your camera and microphone. Similarly, you can limit the amount of diagnostic and usage data that Microsoft collects from your computer, although you can’t completely shut this feature down.

You can also revoke apps’ access to your Microsoft account info and control which apps you wish to run in the background. Some apps may be leaking information about your activities without your knowledge, so if you are ultra paranoid, this is for you.

Protect Your Digital Privacy in Windows 10

Windows 10 has introduced several new features that could pose a threat to digital privacy. While these tips are a good starting point, remember that future updates may add or change features, so always pay attention to the Windows Update notes to make sure you’re not giving away more than you should.

more from Endpoint

IOCs vs. IOAs — How to Effectively Leverage Indicators

Cybersecurity teams are consistently tasked to identify cybersecurity attacks, adversarial behavior, advanced persistent threats and the dreaded zero-day vulnerability. Through this endeavor, there is a common struggle for cybersecurity practitioners and operational teams to appropriately leverage indicators of compromise (IOCs) and indicators of attack (IOAs) for an effective monitoring, detection and response strategy. Inexperienced security […]

TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware

Malware authors use various techniques to obfuscate their code and protect against reverse engineering. Techniques such as control flow obfuscation using Obfuscator-LLVM and encryption are often observed in malware samples. This post describes a specific technique that involves what is known as metaprogramming, or more specifically template-based metaprogramming, with a particular focus on its implementation […]