Microsoft designed its newest OS to be secure by default, but you can still improve Windows 10 security. You should enable the minimum security settings upon installation, but there are a few more things you can do to cover your bases.
For starters, verify that the Windows Firewall is enabled. It's also a good idea to make sure no unnecessary ports are open.
Next, turn your attention to antimalware. Windows 10 comes with antimalware software -- Windows Defender -- that works in a pinch, but most security professionals recommend that companies use third-party antimalware too.
Regardless of whether you use Windows Defender or something else, having antimalware tools in place isn't enough. You must make sure your defenses actually work. Update virus definitions to make sure the software's update mechanism works properly, and perform a manual scan to verify the software's functionality.
You might also want to run Windows Update. Windows 10 should update on its own, but Windows Update sometimes fails; occasionally perform a manual update to verify that Windows Update works correctly.
Most large organizations' desktop operating system deployments are image-based. It's a good idea to periodically rebuild images and make sure the new images contain the latest updates. That way, you won't deploy any images with outdated OS builds. If you don't update the images, newly deployed desktop operating systems can contain security vulnerabilities until Windows Update has a chance to run.
Security features in Windows 10
Windows 10 features vs. old OSes
Improve security with Windows Hello and Passport