Three basic Windows 10 security tips to keep in mind

There is so much to keep in mind with Windows 10 security that it's easy to overlook the essentials. Get back to basics and remember to keep an eye on updates, encryption and users.

In the original Star Wars, the Empire thought the Death Star, with its shields, tractor beams and planet-destroying laser, was the ultimate power in the galaxy, but one easy-to-overlook flaw -- a thermal exhaust port no bigger than a womp rat -- was enough of a vulnerability to allow a farm boy to blow it up.

To make matters worse, the Empire did not take the Rebel assault on the Death Star seriously because it thought the space station was invincible.

Windows 10 administrators can fall into the same trap. Like the Death Star, Windows 10 has a lot of security bells and whistles, such as Windows Hello for Business, which delivers two-factor authentication, and Windows Information Protection (WIP), which allows IT to control who can access what data. But it's not infallible, and a little flaw can unravel everything.

Learn from the mistakes of the Empire and be sure to take these Windows 10 security tips seriously so minor issues don't ruin everything.

Update everything

Microsoft does a good job keeping Windows 10 and its built-in tools updated, but Windows Update can sometimes fail, so performing manual scans is a good idea to make sure the latest updates worked.
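One way to run that manual check from PowerShell, as an added example that is not part of the original article: it asks the Windows Update Agent COM API which Microsoft updates are still missing and which recent installs failed. The function names are hypothetical, and third-party software is not covered.

```powershell
# Added example (not from the article). Run in an elevated Windows PowerShell
# session on the device being checked. Function names are hypothetical.

function Get-PendingWindowsUpdate {
    # Applicable software updates that are neither installed nor hidden
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            Title      = $u.Title
            KB         = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Severity   = $u.MsrcSeverity
            Downloaded = $u.IsDownloaded
        }
    }
}

function Get-RecentUpdateFailure {
    # Installs that Windows Update attempted but did not complete
    param([int]$Last = 50)
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $count = $searcher.GetTotalHistoryCount()
    if ($count -eq 0) { return }
    $searcher.QueryHistory(0, [Math]::Min($Last, $count)) |
        Where-Object { $_.ResultCode -in 4, 5 } |   # 4 = failed, 5 = aborted
        Select-Object Date, Title, @{ n = 'HResult'; e = { '0x{0:X8}' -f $_.HResult } }
}

Get-PendingWindowsUpdate | Format-Table -AutoSize
Get-RecentUpdateFailure  | Format-Table -AutoSize
```

An empty result from both functions means the agent reports nothing outstanding; a failure entry with no matching later success is the case Windows Update's own status page can hide.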

For organizations where the desktop OS is image-based, it's a good idea to rebuild the OS image once in a while to make sure every image is completely up to date. If admins just assume everything is set, an image could be missing an update, which opens up security holes.

Third-party software such as Adobe Reader needs updates and patches. Because most organizations have a lot of third-party software and third-party vendors often release updates at unpredictable intervals, it can be a struggle for IT to keep up. As a result, admins should invest in patch management tools that scan users' devices for any software with missing patches.

Encrypt and back up data

Emphasizing encryption is one of the top Windows 10 security tips. If IT does not have a data encryption tool such as BitLocker in place, then users' personally identifiable data is exposed to the world. Everything needs to be encrypted.
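To confirm that BitLocker is actually protecting each volume, the following added example (not from the original article) reports volumes that are not fully encrypted, have protection off or suspended, or lack a recovery password protector. The function name is hypothetical, and treating a missing recovery password as a finding is an assumption of this example.

```powershell
# Added example (not from the article). Requires the BitLocker module and an
# elevated session. Test-BitLockerCoverage is a hypothetical name.

function Test-BitLockerCoverage {
    foreach ($v in Get-BitLockerVolume) {
        $issues = @()

        # A volume can be mid-encryption or decrypted entirely
        if ($v.VolumeStatus -ne 'FullyEncrypted') {
            $issues += "status is $($v.VolumeStatus) ($($v.EncryptionPercentage)%)"
        }

        # Fully encrypted volumes are still readable if protection is suspended
        if ($v.ProtectionStatus -ne 'On') {
            $issues += 'protection is off or suspended'
        }

        # Assumption of this example: every volume should have a recovery password
        $types = @($v.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        if ($types -notcontains 'RecoveryPassword') {
            $issues += 'no recovery password protector'
        }

        [pscustomobject]@{
            MountPoint = $v.MountPoint
            VolumeType = $v.VolumeType
            Method     = $v.EncryptionMethod
            Protectors = $types -join ','
            Compliant  = ($issues.Count -eq 0)
            Issues     = $issues -join '; '
        }
    }
}

Test-BitLockerCoverage | Where-Object { -not $_.Compliant } | Format-List
```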

Admins should also find any users who do not have backups for sensitive files such as customer records or financial forecasts. If they find files that are not backed up, they have to perform labor-intensive workstation backups to close the security hole.

Train users in the ways of security

At the end of the day, teaching users about security is the most important item on the Windows 10 security tips list because nothing creates more security issues than users. They simply can't be trusted. Admins can put in as many lines of defense as they want, but a user could still click a malicious link and unleash major security problems. Email phishing in particular opens up a lot of security holes.

Admins can't completely prevent users from making mistakes, but they can mitigate the risks by checking that users always have Windows Firewall turned on and that they do not have any unnecessary ports open. Admins must not rely solely on Microsoft Windows Defender to protect against malware. It can help, but it's a good idea to invest in a third-party antimalware tool as well.
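The firewall and open-port checks described above can be scripted. This added example (not from the original article) lists firewall profiles that are not enabled in the effective policy and every non-loopback listening TCP port with its owning process. The function names and the `-Expected` allow-list parameter are hypothetical; the allow-list is empty by default, so every listener is reported until an admin supplies the ports the organization expects.

```powershell
# Added example (not from the article). Run in an elevated session.
# Function names and the -Expected parameter are hypothetical.

function Get-DisabledFirewallProfile {
    # ActiveStore is the effective policy, including anything applied by Group Policy
    Get-NetFirewallProfile -PolicyStore ActiveStore |
        Where-Object { $_.Enabled -ne 'True' } |
        Select-Object Name, Enabled
}

function Get-UnexpectedListener {
    param([int[]]$Expected = @())   # ports the organization has approved

    Get-NetTCPConnection -State Listen |
        Where-Object {
            $_.LocalAddress -notin '127.0.0.1', '::1' -and   # skip loopback-only services
            $_.LocalPort -notin $Expected
        } |
        Sort-Object LocalPort -Unique |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port      = $_.LocalPort
                Address   = $_.LocalAddress
                ProcessId = $_.OwningProcess
                Process   = $proc.ProcessName
            }
        }
}

Get-DisabledFirewallProfile | Format-Table -AutoSize
Get-UnexpectedListener      | Format-Table -AutoSize
```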

User passwords are also a problem. Users can forget their passwords, write them down or reuse them over and over, all of which creates security risk. A simple step IT admins can take to close the gap is to set standards on how long and how complex users' passwords are. They can also force users to change their passwords every so often.

IT should also turn to two-factor authentication so users need more than just passwords to access their desktops. Windows Hello for Business allows admins to combine a login factor such as a password with a biometric feature, including fingerprints or facial recognition.

If users must work with cloud services, IT should determine which cloud services they can use and what information they can share on them. They can also keep an eye on users with Windows logging and system monitoring tools. In addition, they should use WIP to determine who can access what data and with whom users who have access can share specific data.

Still, users are always a risk, so the best thing IT can do is to educate them on security best practices and constantly remind them what to look out for.
