Windows 10 is a year and a half old and its developer, Redmond, Wash.-based Microsoft Corp., has been aggressively updating computers in the field to ensure that as many people as possible are using this operating system (OS). The company recently stopped selling Windows 10’s two most recent predecessors, Windows 7 and 8, in an effort to get everyone on the same page.

Microsoft has taken some sensible security measures with Windows 10, but also has introduced some privacy worries.

As a financial advisor, you will be concerned about system security and privacy, given the sensitive nature of the data you store on this OS. Below are some tips to ensure that your Windows 10 computer is protected from unauthorized access.

Protect your account

Let’s start with one of the coolest features in Windows 10. Traditionally, Windows has used passwords for user access. Password access creates two problems: first, passwords are prone to being lost or guessed. Second, they’re irritating to type in when returning to a locked computer.

Windows 10 solves this problem with Windows Hello, a biometric system that can recognize users with a fingerprint scanner or with a suitably advanced webcam. You’ll need a computer with the appropriate hardware, such as Microsoft’s SurfaceBook. If your budget allows, this feature makes logging in a breeze, as the computer simply will recognize your face when you show up in front of the locked screen.

Protect your data

If your computer gets lost or stolen – especially with client data on it – you will want reassurance that thieves can’t access that data. Some versions of Windows 10 include full-disk encryption to cope with this risk. Access “settings/about” and check the “device encryption” setting to see if encryption is available. To turn this feature on, you’ll need a Microsoft account because Microsoft uses its cloud computing service to store the encryption key that can unlock your data. That process makes your data safe from laptop thieves, but not from the U.S. government. Because Microsoft stores the encryption key on its own computers, the government could demand to see them, enabling federal agents to decrypt and read files containing sensitive information.

If you choose to encrypt data that you copy to USB drives (as opposed to the cloud), you will need BitLocker, a more advanced Windows feature, which is available only in the Professional versions of Window 10. The alternative is to use a third-party encryption system such as Veracrypt (

Protect against infection

Infection by malicious software (malware) is probably the biggest cybersecurity risk you face. There are several ways to mitigate this threat. Installing antivirus software is the most obvious, but you can go beyond that, says Kurtis Armour, information security consultant at Cambridge, Ont.-based cybersecurity services firm eSentire Inc.

“Ensure the ‘auto update’ feature for Windows, Office and browsers is turned on,” Armour says. Malware often exploits security bugs in application software, he adds, and application vendors will release new versions that close those holes. Making sure the latest software versions and security patches are installed also goes a long way toward protecting your PC.

Auto update is enabled in Windows 10, 8 and 7 by default, so the best advice there is not to mess around with that feature. However, you may need to configure individual applications to update automatically by using their own settings.

One way that PCs get infected is via your browser application, especially thanks to “malvertising.” Websites often source advertisements in real time via clearing houses that display ads from the highest bidder. Some of those bidders insert hidden code or links in their advertisements that can infect computers when the user clicks on an ad. A worrying number of malicious ads even manage to infect users who simply visit a page displaying the ad.

Websites operated by such media outlets as Forbes, the BBC and the New York Times have been hit by malvertising. Armour advises protecting your PC from all ads by simply switching them off. “Uniformly use browser ad blockers, such as uBlock Origin,” Armour says. (Access it at Until a way is found to solve the malvertising problem, doing so may be your best option.

Rather than just blocking browser ads, you also can block “disable content,” otherwise delivered through applications such as Flash, Java and Office, Armour says.

These applications open content on your machine and execute it, which enables malicious content to infect your computer. You typically can block Flash and Java content directly from within your browser’s settings, while macros (which are small programs embedded into Office documents) can be blocked directly from within Microsoft’s software. The trick is not to opt in and allow, say, macros to run when prompted by a document sent by a friend or colleague. Check with that person first to ensure the macros are OK.


As a Windows 10 user, you also might worry about privacy, as the OS features close links with Microsoft’s cloud computing services and sends information there on a regular basis. By default, the system will track your location, send your Microsoft Edge browsing history to the company and monitor typing and handwriting input.

Accessing the privacy options via “settings/privacy” gives you access to a variety of settings that you can turn off to avoid the collection of this information. These include the “Getting to know me” feature that monitors what you’re writing or typing. You also can clear personalization data that Microsoft has already collected by visiting

While you’re in the privacy settings section, you can turn off personalized ads – in your browser, in Windows and anywhere else you use your Windows account – to stop being served personalized ads.

More advanced measures

There are more advanced cybersecurity features in Windows 10 that are available only by altering “group policy settings,” a list of rules that Windows follows when running on a local machine. These rules can be controlled locally using a normally hidden account that provides administrator privileges. But this strategy is a Pandora’s box of detailed settings that control everything from who can access your PC and what they’re allowed to do with it to what software is allowed to operate on your PC.

Lay users shouldn’t tinker with the policy settings on a Windows computer, but if you have a systems administrator, then he or she should know about these settings and configure them for you.

Windows continues to be the No. 1 target for attackers intent on stealing personal data. And malware – including the dreaded ransomware – continues to be one of the biggest attack vectors. While these technical measures are useful, they’re best complemented by security hygiene on your part, including not clicking on any suspicious links. The best protection comes from a combination of software smarts and common sense.

© 2017 Investment Executive. All rights reserved.