
Five Windows 10 security risks that are easy to overlook

Sometimes the biggest security problems in Windows 10 are the ones admins forget about, including user-induced issues, poor desktop security standards and more.

As with any operating system, the more widespread Windows 10 becomes, the more susceptible it is to attacks.

Even so, Microsoft is trying to downplay Windows 10 security risks, going so far as to suggest that organizations can solve all their endpoint security problems with an upgrade to Windows 10. In fact, Windows 7 users can continue using that OS at their own risk, because Windows 10 is much more resilient to attack, according to Microsoft.

It is true that the Windows 10 Anniversary Edition does a good job preventing zero-day attacks, but the operating system is still vulnerable in many ways.

Windows 10 security risks to look out for

Lack of encryption


If organizations don't enable BitLocker or other full-disk encryption on drives or partitions, then users' personally identifiable information is vulnerable to theft and loss. Even though admins have known about the risks associated with data at rest for more than a decade, it is not uncommon to find an organization that still does not have full-disk encryption on laptops and physically vulnerable desktops.
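One way to check endpoints for this gap, as an added example that is not part of the original article: the function below classifies BitLocker volume records as compliant or not. The function name `Test-DiskEncryption` and the sample records are constructed for illustration; the property names match what the built-in `Get-BitLockerVolume` cmdlet returns.

```powershell
# Added example (not from the original article).
# On a real endpoint, run elevated:  Get-BitLockerVolume | Test-DiskEncryption
function Test-DiskEncryption {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume
    )
    process {
        $reasons = @()
        # Encryption must have finished, not merely started or been reversed.
        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $reasons += "volume status is $($Volume.VolumeStatus)"
        }
        # 'Off' covers both never-enabled and suspended BitLocker protection.
        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            $reasons += 'protection is off or suspended'
        }
        # With no key protector, nothing guards the volume encryption key.
        if (-not $Volume.KeyProtector) {
            $reasons += 'no key protector configured'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            VolumeType = "$($Volume.VolumeType)"
            Compliant  = ($reasons.Count -eq 0)
            Reasons    = $reasons -join '; '
        }
    }
}

# Constructed sample records that mimic Get-BitLockerVolume output, so the
# function can be exercised on a machine without BitLocker.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeType = 'OperatingSystem'
        VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'
        KeyProtector = @('Tpm', 'RecoveryPassword') }
    [pscustomobject]@{ MountPoint = 'D:'; VolumeType = 'Data'
        VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off'
        KeyProtector = @() }
    [pscustomobject]@{ MountPoint = 'E:'; VolumeType = 'Data'
        VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'Off'
        KeyProtector = @('RecoveryPassword') }
)

$sample | Test-DiskEncryption | Format-Table -AutoSize
```

The third sample record shows the case that is easy to miss: a volume that reports as fully encrypted but has protection switched off still fails the check.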

Bad backups

Users might have copies of critical files such as customer records, source code or company financial forecasts on Windows 10 laptops and desktops that they haven't backed up. The only really good fix for this is for desktop admins to perform workstation backups. It's time- and resource-intensive, to say the least. Even if admins turn to the cloud to simplify the backup process, they still have to worry about shadow IT and BYOD, which can allow users to circumvent their backup controls.


If users share their drives on the network or click links and open email attachments they should avoid, there's going to be trouble. In fact, admins can fix all other security vulnerabilities and still have a ton of risks associated with email phishing alone -- including targeted spear phishing. The risk of these targeted attacks actually dwarfs most other vulnerabilities. It is virtually impossible to completely prevent users from causing problems, but admins should at least educate their users on security best practices.

Unpatched systems

Windows 10 does a pretty stellar job keeping the OS and patches up to date, but that doesn't include third-party software such as Adobe Reader and Firefox. Those types of apps are a dangerous Windows 10 vulnerability. Criminal hackers often focus their efforts on the third-party patches that admins have almost no chance of keeping up with. The patches come out at unpredictable intervals and there are just too many to keep track of. Admins can turn to patch management tools such as GFI LanGuard and regularly scan endpoint devices for missing patches.

Desktop security standards

Admins must not forget to update desktop security standards and related policies to limit Windows 10 security risks. That includes setting standards for password length and complexity, choosing what applications to support and selecting the right web browser configurations to accommodate changes in Windows 10. That's a common missing link that contributes to unnecessary endpoint risks.
