This content is part of the Essential Guide: Windows 10 security guide to fortify your defenses

Sweat the small stuff when it comes to Windows desktop security

It may seem like hackers use complex methods to bypass Windows desktop security measures, but in reality it's usually simple oversights, such as unpatched software, that let attackers in.

Every organization is susceptible to data breaches, but it's not necessarily armies of elite hackers carrying out advanced exploits.

That's not to say the level of detail and effort is trivial. There are some advanced attacks. Many of the Windows desktop security problems today, however, are brought about by people ignoring the basic principles of information security according to research, such as Verizon's "2016 Data Breach Investigations Report".

If you manage a Windows-based network, you have your work cut out for you. The attack vectors are numerous and IT may not have proper visibility into workstations. So, how do you address Windows desktop security? As with any problem, you first have to acknowledge it. Unacknowledged -- or worse ignored -- vulnerabilities continue to hinder organizations' Windows desktop security efforts. The fixes are about as simple and predictable as the flaws themselves. Odds are you won't have to spend any money. If you do, it will likely be on a third-party patch management tool at most.

Windows desktop security do's and don'ts

Many of the security problems today are brought about by people ignoring the basic principles of information security.

For strong Windows desktop security, set password complexity standards for both domain and local user accounts. Be vigilant about Windows or third-party software (i.e., Java, Adobe Reader, Quicktime, among others) patches. Often patches are out of date or missing entirely dating back as much as eight to 10 years. Add Windows logging and system monitoring to keep an eye on what users are doing.

Do not give users free reign to share full access to sensitive files with anyone they please. Instead limit who can share what and with whom. Don't leave laptops with hundreds, sometimes tens of thousands, of records of personally identifiable information unencrypted. Prevent end users from working with cloud services without IT or the security team's knowledge or consent. Avoid weak and old-fashioned antivirus software that cannot keep up with today's threats.

So you think you know all about Windows security features? Prove it!

How much do you know about securing Active Directory and Microsoft Azure? This quiz will test your knowledge of the best tools to protect Windows.

These workstation security vulnerabilities might seem trivial -- and they are, which is often why attackers have a leg up on your security program. Regardless of which version of Windows you run, one or more of these vulnerabilities is sure to be present on your network.

Unless you seek out these common Windows workstation flaws, you won't have addressed all known endpoint issues, and attacks will continue. Get ahead of the curve and resolve the issues before someone comes along and makes you look bad.

Next Steps

Everything you need to know about Windows 10 security

A look at security patches in Windows 10

Two features new to Windows 10 that improve security

Dig Deeper on Endpoint security management tools