Five Windows 10 security risks that are easy to overlook

Sometimes the biggest security problems in Windows 10 are the ones admins forget about, including user-induced issues, poor desktop security standards and more.

As with any operating system, the more widespread Windows 10 becomes, the more susceptible it is to attacks.

Even so, Microsoft is trying to downplay Windows 10 security risks, going so far as to suggest that organizations can solve all their endpoint security problems with an upgrade to Windows 10. In fact, Windows 7 users can continue using that OS at their own risk, because Windows 10 is much more resilient to attack, according to Microsoft.

It is true that the Windows 10 Anniversary Edition does a good job preventing zero-day attacks, but the operating system is still vulnerable in many ways.

Windows 10 security risks to look out for

Lack of encryption

If organizations don't enable BitLocker or other full-disk encryption on drives or partitions, then users' personally identifiable information is vulnerable to theft and loss. Even though admins have known about the risks associated with data at rest for more than a decade, it is not uncommon to find an organization that still does not have full-disk encryption on laptops and physically vulnerable desktops.
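One way to check an endpoint for the gap described above, as an added example that is not part of the original article: a PowerShell script built on the Get-BitLockerVolume cmdlet that flags volumes that are not fully encrypted or whose protection is switched off. The function name Get-UnprotectedVolume is made up for this example, and the script assumes an elevated prompt on a machine with the BitLocker module installed.

```powershell
#Requires -RunAsAdministrator
# Added example: list volumes that BitLocker is not fully protecting.

function Get-UnprotectedVolume {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        $findings = @()

        # FullyDecrypted, EncryptionInProgress and similar states all mean
        # that some data on the volume is still readable offline.
        if ([string]$vol.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "status $($vol.VolumeStatus), $($vol.EncryptionPercentage)% encrypted"
        }

        # An encrypted volume can still report protection Off, for example
        # after Suspend-BitLocker, when the key is left available in the clear.
        if ([string]$vol.ProtectionStatus -ne 'On') {
            $findings += "protection $($vol.ProtectionStatus)"
        }

        if ($findings.Count -gt 0) {
            $protectors = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
            [pscustomobject]@{
                Computer      = $env:COMPUTERNAME
                MountPoint    = $vol.MountPoint
                VolumeType    = $vol.VolumeType
                KeyProtectors = $protectors -join ','
                Findings      = $findings -join '; '
            }
        }
    }
}

$unprotected = @(Get-UnprotectedVolume)
if ($unprotected.Count -eq 0) {
    Write-Output 'All volumes are fully encrypted with protection on.'
} else {
    $unprotected | Format-Table -AutoSize -Wrap
    exit 1   # non-zero exit lets a management tool flag the endpoint
}
```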

Bad backups

Users might have copies of critical files such as customer records, source code or company financial forecasts on Windows 10 laptops and desktops that they haven't backed up. The only really good fix for this is for desktop admins to perform workstation backups, which is time- and resource-intensive, to say the least. Even if admins turn to the cloud to simplify the backup process, they still have to worry about shadow IT and BYOD, which can allow users to circumvent their backup controls.

Users

If users share their drives on the network or click links and open email attachments they should avoid, there's going to be trouble. In fact, admins can fix all other security vulnerabilities and still have a ton of risks associated with email phishing alone -- including targeted spear phishing. The risk of these targeted attacks actually dwarfs most other vulnerabilities. It is virtually impossible to completely prevent users from causing problems, but admins should at least educate their users on security best practices.

Unpatched systems

Windows 10 does a pretty stellar job keeping the OS and its patches up to date, but that doesn't include third-party software such as Adobe Reader and Firefox. Those types of apps are a dangerous Windows 10 vulnerability. Criminal hackers often focus their efforts on third-party software whose patches admins have almost no chance of keeping up with. The patches come out at unpredictable intervals and there are just too many to keep track of. Admins can turn to patch management tools such as GFI LanGuard and regularly scan endpoint devices for missing patches.
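A minimal version of the endpoint scan described above, as an added example that is not part of the original article and not a substitute for a patch management tool: it reads installed third-party software from the registry Uninstall keys and compares each version with a minimum the admin supplies. The function name Get-OutdatedSoftware and the version numbers in the sample baseline are constructed placeholders, not vendor data.

```powershell
# Added example: compare installed third-party software with a version baseline.

function Get-OutdatedSoftware {
    param(
        # Maps a DisplayName prefix to the minimum acceptable version.
        [Parameter(Mandatory)] [hashtable] $MinimumVersion
    )

    # Machine-wide 64-bit and 32-bit installs, plus per-user installs
    # for the account that runs the script.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'

    $installed = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName }

    foreach ($name in $MinimumVersion.Keys) {
        $required = [version]$MinimumVersion[$name]
        foreach ($app in $installed | Where-Object { $_.DisplayName -like "$name*" }) {
            $found  = $null
            $parsed = [version]::TryParse([string]$app.DisplayVersion, [ref]$found)

            # Some vendors write versions that are not dotted numbers; report
            # those separately so they are reviewed rather than silently passed.
            $status = if (-not $parsed)            { 'UnknownVersion' }
                      elseif ($found -lt $required) { 'Outdated' }
                      else                          { 'OK' }

            [pscustomobject]@{
                Computer  = $env:COMPUTERNAME
                Name      = $app.DisplayName
                Installed = $app.DisplayVersion
                Required  = $required
                Status    = $status
            }
        }
    }
}

# Constructed baseline: replace the placeholder versions with the releases
# your organization has approved.
$baseline = @{
    'Mozilla Firefox'      = '100.0'
    'Adobe Acrobat Reader' = '20.0'
}
Get-OutdatedSoftware -MinimumVersion $baseline |
    Where-Object { $_.Status -ne 'OK' } |
    Format-Table -AutoSize
```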

Desktop security standards

Admins must not forget to update desktop security standards and related policies to limit Windows 10 security risks. That includes setting standards for password length and complexity, choosing what applications to support and selecting the right web browser configurations to accommodate changes in Windows 10. That's a common missing link that contributes to unnecessary endpoint risks.

This was last published in January 2017

Which Windows 10 security vulnerabilities concern you the most?
Telemetry and Data Integrity is a major problem for enterprise. The latest surveillance legal rulings within the EU make it difficult to have any enterprise rollouts with meaningful compliance standards. Windows 10 has made a sea change with this system with fundamental design focused upon content consumption as it hopes to turn around the company by mimicking Apple and Google's success with open source business models. In 2012 I forecast Microsoft would be giving away their operating system for free. I was, like other industry analysts, not expecting a sudden change of policy to follow this course in 2016.