Windows 10 keylogger adds fuel to the privacy fire

Microsoft's data collection practices in Windows 10 have been under scrutiny since the company released the OS. The Windows 10 keylogger doesn't do much to quell privacy fears.

There's been quite a bit of talk about Microsoft collecting keystrokes and other data in Windows 10. Some might call it paranoia or fearmongering, but it's definitely a concern for IT administrators and end users alike.

The truth is the default Windows 10 keylogger is really nothing new. It just received some online press recently, because this feature collects typing and handwriting data to improve typing and writing services on the OS. And even though Microsoft vows to be more transparent about what data it collects, the new Windows 10 Creators Update still gathers a good bit of private information from users by default.

Just because it's not new does not mean the Windows 10 keylogger is something IT can ignore. A ton of sensitive information flows through the keyboards of any business computer -- from intellectual property, to details on mergers and acquisitions, to personally identifiable information, to passwords; a lot is at stake.

How can data collection hurt organizations?

Some of the paranoia may be over the top, but it's still important to know how Microsoft is using the data it's collecting.

Privacy advocates never like to find out about companies collecting this kind of information and possibly using it for -- or against -- them in untold ways. The personal privacy concerns associated with Windows 10 data collection are not the whole story, however. Organizational issues exist, as well.

Some of the paranoia may be over the top, but it's still important to know how Microsoft is using the data it's collecting. The data could reveal a contract violation between an organization and its customers, or between its customers and business partners. The data could also expose organizations to an unforeseen cyberattack. Regulatory compliance is also crucial to keep in mind.

What should admins do about it?

Admins can disable the Windows 10 keylogger on a computer-by-computer basis or manage it through their domains.

Windows 10 keylogger
The Windows 10 keylogger. Note that it is disabled in this example.

Spybot Anti-Beacon is a great tool to disable the keylogging -- and much more -- to truly enhance Windows 10 privacy settings. It may be for noncommercial use, but taking a look at what the tool does can spark some ideas for admins looking to tweak their own enterprise Windows 10 standards, either pre- or post-deployment.

Regardless of how worried IT admins are about Windows 10 data collection, they must talk about it. Windows 10's default privacy settings underscore the importance of establishing policies and standards around enterprise desktops, BYOD and shadow IT -- and then enforcing them.

If anything, the Windows 10 keylogger highlights why IT should involve legal counsel in its security decision-making. There's a lot going on here, and it's likely to get more complicated, so admins must be sure they have all the right people on board to make decisions that are in the best interest of their businesses.

Next Steps

Windows 10 data collection is a necessary evil

A look at Windows 10 telemetry data collection

How users can take control of their privacy

Dig Deeper on Endpoint security management tools