Microsoft’s Windows 10 is rapidly replacing older operating systems in both personal and professional environments. As with any OS, however, there are several key things you need to know upfront. The addition of unique advertising IDs that inject Microsoft ads into your browser, recommended express privacy settings and cloud syncing of personal information can inadvertently overshare your sensitive data if you don’t take precautions.

Nine Tips to Stay Secure

Here are my top nine tips to help you maintain the appropriate level of privacy and security with your own Windows 10 installation.

1. Turn Off Ad Tracking

By associating a unique advertising ID with each account, Microsoft collects information to create personalized ad experiences across platforms. While that sounds good in theory, it is borderline creepy in practice. These ads will follow Windows 10 users from one device to another.

To disable the feature, go to the Privacy Settings menu and turn off General > “Let apps use my advertising ID for experiences across apps.” If you want to get rid of ads following you around on your browsers, head to Microsoft’s advertising opt-out page. You will also have to adjust your Bing account settings on the web to clear your Cortana history. If you’d like to disable built-in ads for Microsoft’s cloud service, navigate to View > Options in File Explorer. Scroll down and turn off the option for “Show sync provider notifications.”

2. General Annoyances

You should always use the custom setup install. The latest Windows has some really lousy default express settings for privacy, such as automatic hotspot connection, bad personalization and browser protection choices, error reporting and location awareness assumptions. You can always change these later, but why start out aggravated? Also, if you can choose the Pro version rather than Home, you can make changes to your individual policy settings using the GPEDIT.MSC tool, which is installed on the former but not the latter.

One more thing: You’ll find the Active Hours in the Settings menu, under Update & Security > Windows Update > Change Active hours. You can only designate up to 12 hours as active. Windows will not restart your device to install updates during these hours.

3. Avoid Edge Browsing

Microsoft’s Edge browser has gotten some big improvements, such as plug-in support and ad blockers, in the latest build. However, unless you are an absolute Microsoft fanboy, you should stick with another browser. “Microsoft is getting closer to providing a browser on Windows that could convince many to switch from Chrome,” according to The Verge. However, reports show that Edge is still not very secure.

4. Do You Really Need Cortana?

Speaking of which, with Anniversary Edition, you can’t turn Cortana completely off, because it now encompasses both desktop search and the personal digital assistant. But there are some things you can do to protect your privacy, depending on how much you want to use voice commands on your PC. If you navigate to Settings > Privacy > Speech, inking and typing menus, you can click on the “Get to know you” box to turn this off. Of course, this means the system won’t learn your voice commands.

5. Lock Screen Security

A set of features added to Windows for convenience might be a security issue,. For this, you want to visit the settings that affect the lock screen that you see when you first boot up your PC. To make it more secure, open the Settings menu and go to System > Notifications & actions and turn off “Show notifications on the lock screen.”

You’ll also want to go to the Settings screen > “Use Cortana even when my device is locked” and turn that off, and turn off the setting that lets Cortana access your calendar, email, messages and Power BI when your device is locked.

6. Turn Off Location Services

When you first set up Windows, it asks if you want to turn location services on globally. If you go into the Settings > Privacy section, you will see a set of choices for more granular control over location services. You can enable it for your login account and particular apps, and also clear location history on your PC.

7. Make Sure Defender Is Running

If you use Defender, make sure it is still running. Defender will turn itself off if it detects a third-party antivirus tool. You can check its status under the Update and Security settings. It sometimes forgets to turn itself back on — or takes a few days to remember — if you remove the other tool.

8. Enable Smart Screen

The one express setting that you probably want to leave turned on is Smart Screen, which is Windows’ method of protecting you from potential harm inflicted by unrecognized apps. It actually has three choices that you can revisit when you bring up System and Security > Security and Maintenance controls. To force admin approval before running these apps, just bring up a warning dialog box, or turn it off completely. You’ll probably want to leave it on the most restrictive setting.

9. Additional Steps

There are a number of other settings to consider adjusting. For example, you can limit which particular apps can access your camera and microphone. Similarly, you can limit the amount of diagnostic and usage data that Microsoft collects from your computer, although you can’t completely shut this feature down.

You can also revoke apps’ access to your Microsoft account info and control which apps you wish to run in the background. Some apps may be leaking information about your activities without your knowledge, so if you are ultra paranoid, this is for you.

Protect Your Digital Privacy in Windows 10

Windows 10 has introduced several new features that could pose a threat to digital privacy. While these tips are a good starting point, remember that future updates may add or change features, so always pay attention to the Windows Update notes to make sure you’re not giving away more than you should.

More from Endpoint

Deploying Security Automation to Your Endpoints

Globally, data is growing at an exponential rate. Due to factors like information explosion and the rising interconnectivity of endpoints, data growth will only become a more pressing issue. This enormous influx of data will invariably affect security teams. Faced with an enormous amount of data to sift through, analysts are feeling the crunch. Subsequently, alert fatigue is already a problem for analysts overwhelmed with security tasks. With the continued shortage of qualified staff, organizations are looking for automation to…

Threat Management and Unified Endpoint Management

The worst of the pandemic may be behind us, but we continue to be impacted by it. School-aged kids are trying to catch up academically and socially after two years of disruption. Air travel is a mess. And all businesses have seen a spike in cyberattacks. Cyber threats increased by 81% while COVID-19 was at its peak, with 79% of all organizations experiencing a loss of business operations during that time. The risk of cyberattacks increased so much that the…

3 Ways EDR Can Stop Ransomware Attacks

Ransomware attacks are on the rise. While these activities are low-risk and high-reward for criminal groups, their consequences can devastate their target organizations. According to the 2022 Cost of a Data Breach report, the average cost of a ransomware attack is $4.54 million, without including the cost of the ransom itself. Ransomware breaches also took 49 days longer than the data breach average to identify and contain. Worse, criminals will often target the victim again, even after the ransom is…

How EDR Security Supports Defenders in a Data Breach

The cost of a data breach has reached an all-time high. It averaged $4.35 million in 2022, according to the newly published IBM Cost of a Data Breach Report. What’s more, 83% of organizations have faced more than one data breach, with just 17% saying this was their first data breach. What can organizations do about this? One solution is endpoint detection and response (EDR) software. Take a look at how an effective EDR solution can help your security teams. …