Like virtually every small business in the US, your office probably runs on Microsoft Windows 10. Windows 10 is the most popular operating system in the world. It offers the widest selection of business applications, is well supported, and it’s secure... right?
The answer is yes and no.
Now, before you swear under your breath and hit the back button, here’s the promise: by the end of reading this, you’ll understand why the answer is partly “no” and what you can do about it.
What’s Missing: Employee Security Awareness Training
Education is your first line of defense. Unlike in the movies where hackers break into your network and wreak havoc on your systems, the majority of security breaches today are initiated by a user’s action. This could be opening a phishing email, clicking on a malicious link, or installing what appears to be legitimate software with malicious software hidden inside. Ensuring your users are educated goes a long way toward protecting your network and your business. If employees are not properly trained, no degree of Windows configuration can help.
Windows users in your business should know the right actions to take in certain situations:
- A window pops up trying to install a new program: Should I allow this action? How do I know if it’s malicious? What are the risks associated with allowing this program to run?
- A user finds a “free” program on the web for a one-time task to save the company money: Am I downloading this from a reputable website? What is the real source of this program? Why is it free? Could there be spyware hidden inside? Is there an acceptable alternative in the Windows Store?
- A user gets a pop-up on a website saying their computer has been infected with a virus and they need to install a program to remove it: Do I already have antivirus running? How would a website know if I have a virus? Is this program actually a virus itself pretending to be an antivirus program?
NSI offers security awareness training as part of its overall set of cybersecurity services. You can check them out here.
What You Need an Expert’s Help with: Security Settings
It’s not that Windows 10 itself is insecure - it’s Microsoft’s most secure operating system yet, and can be made secure with the right configuration. Having Windows securely configured is a big step toward securing your business systems, but it’s not quite as easy as it sounds:
- 1000s of settings - There are literally thousands of settings in Windows 10. A wrong setting could leave a system extremely vulnerable to attack.
- Unused software - Windows has dozens of features and programs installed that may never get used. Each of these is yet another program that requires updating.
- Default is not secure - Windows default settings are designed to favor compatibility with previous versions, so they are not necessarily the most secure.
To compound the problem, new security vulnerabilities are being discovered almost daily, each more dynamic and sophisticated than the last.
For a non-IT professional, securing Windows 10 is a daunting task. With so many different settings it’s hard for anyone to decipher what’s truly secure. Microsoft publishes best practices guides for IT experts and does provide a running list of security updates with information about each one. Reading through them is a full-time job, as is going back and applying those settings each time new guidance is published.
Configuring Windows 10 is challenging enough, never mind applying settings several times across multiple computers in the business. This activity introduces the risk of human error, making it easy to miss a step or incorrectly enter a setting. It only takes one misstep to leave a hole in your security. So how do big corporate IT shops do it?
Large enterprises use complex, expensive configuration management systems that allow IT admins to apply settings across thousands of computers automatically. They also have dedicated teams who manage these systems and review each of the updates, patches, fixes and configuration changes before they are pushed to users’ systems.
A smaller business can still get the benefits of a large enterprise but on a smaller scale, leveraging a managed service provider to help with Windows 10 configuration on an ongoing basis. MSPs such as Connecticut-based NSI provide services to fully manage systems using automation similar to large enterprises. These services can do things like:
- Apply a secure configuration to a laptop or desktop computer
- Remove unnecessary programs
- Disable services that could be exploited to gain unauthorized access to a computer
- Scan for vulnerabilities on systems
- Install updates for programs and ensure automatic Windows updates are being applied
What’s Missing: No Human Supervision
Once Windows 10 has been secured, it’s important it stays that way. If a user makes a change to a setting on their own, they could open up a security hole that could affect the entire company. Likewise, clicking on the wrong link could open up a whole different can of worms, introducing the risk of a data breach or ransomware. Even the most secure Windows 10 configuration can’t stop that. The typical small to medium size business may have 1-2 IT people total, if any at all, and it takes them up to 55 days to detect an intrusion in their systems. How can they combat security threats?
In comparison, large enterprises always have someone watching over their systems, ready to intervene as needed. These are dedicated IT staff whose sole purpose is to make sure the business is secure. This staff makes up what is called a Security Operations Center (SOC). A SOC is responsible for:
- Deploying detection tools to constantly monitor security
- Ongoing vulnerability scanning to look for security holes
- Detection of security threats on laptops, PCs and the network
- Response to and remediation of security threats
Smaller businesses can receive all these services by hiring a managed service provider to handle their cybersecurity. Regulated businesses (healthcare, finance, contract manufacturing) can also benefit from full auditing and reporting for compliance. Managed service providers like NSI have tools to do configuration management and detection of vulnerabilities in their environment. NSI also has a team of cybersecurity experts who can detect and respond to security threats on their customers’ behalf.
Next Steps Toward Securing Windows 10 and the Business
Running Windows 10? Here are some things to do right now to improve security:
- Enable Automatic Updates - this will help toward securing the system by keeping it up to date
- Enable Windows Defender - it’s not perfect, but it’s a start, and will help protect a system from viruses and malware until a more comprehensive solution can be put in place
- Enable Windows Firewall - this should already be turned on, but check it just in case
- Uninstall unused programs - out-of-date software provides an opportunity for cybercriminals that won’t exist if the software is removed
- Educate your users - Security awareness training will go a long way toward helping keep Windows 10 users secure
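A read-only PowerShell check for the four technical items in the list above, added here as an example (it is not NSI's or Microsoft's own tooling). It assumes an elevated Windows PowerShell 5.1 session on Windows 10 with the built-in Defender and NetSecurity modules; the `$report` key names are made up for this sketch.

```powershell
# Added example: audits update, Defender, firewall and installed-software state.
# Nothing on the system is changed; the script only reads settings.
$report = [ordered]@{}

# 1. Automatic Updates: the Windows Update service must not be disabled, and
#    no policy may switch automatic updating off (NoAutoUpdate = 1).
$wu     = Get-Service -Name wuauserv
$auKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$noAuto = (Get-ItemProperty -Path $auKey -Name NoAutoUpdate `
            -ErrorAction SilentlyContinue).NoAutoUpdate
$report['AutomaticUpdatesAllowed'] = ($wu.StartType -ne 'Disabled') -and ($noAuto -ne 1)

# 2. Windows Defender: antivirus engine and real-time protection both on.
#    Get-MpComputerStatus can fail when a third-party antivirus has replaced
#    Defender, so that case is reported instead of stopping the script.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $report['DefenderRealTimeOn']       = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled
    $report['DefenderSignatureAgeDays'] = $mp.AntivirusSignatureAge
} catch {
    $report['DefenderRealTimeOn']       = 'Unavailable (Defender not active?)'
    $report['DefenderSignatureAgeDays'] = 'n/a'
}

# 3. Windows Firewall: every profile (Domain, Private, Public) should be
#    enabled. An empty result means none is switched off.
$off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
$report['FirewallProfilesOff'] = @($off | ForEach-Object Name) -join ', '

# 4. Installed programs: read the machine-wide Uninstall registry keys
#    (64-bit and 32-bit views) so unused software can be reviewed by hand.
#    Per-user installs under HKCU are not covered by this sketch.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object DisplayName |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object InstallDate   # oldest installs first: likeliest to be stale

[pscustomobject]$report | Format-List
$programs | Format-Table -AutoSize
```

Running the same script on each computer and comparing the output is a simple way to spot the machine whose settings have drifted from the rest.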
An investment in cybersecurity is an investment in the business. Managed service providers offer a cost-effective alternative to hiring dedicated IT security staff, and will be way less expensive than what could result from a security breach due to a mistake.