Ten Enterprise Windows Security Best Practices You Need To Know

1. Keep Windows Up to Date

The most important thing for any company to do to stay secure is to apply OS updates to all systems as quickly as possible. Andy puts it this way, “Patch, patch, patch. And when you finish patching, patch some more.”

2. Switch Off Any Services You’re Not Using

This seems like a no-brainer, but a number of companies don’t fully lock this down. Do you know which services your company is allowing and disallowing? Are you monitoring endpoints for rogue services and cracking down on it? If not, you should be.

3. Disable Any Ports That You Don’t Need

Open ports are a red carpet welcome for a variety of cyberattacks. Every company knows this. Yet many companies still don’t lock ports carefully. Or they do it once and then don’t verify compliance on an ongoing basis. Every Windows endpoint should be port-restricted to use only what’s needed — at all times.

4. Don’t Forget Your VMs!

Andy says it’s amazing how many people do their physical systems and overlook the VMs when it comes to applying updates and other security configuration management policies. Your virtual machines are just as vulnerable a target as physical computers. Cyberattackers don’t discriminate.

5. Stay on Top of Third-Party Patching

In the cybersecurity industry, the focus has moved away from attacking operating systems. It’s shifted to applications and mobile as well. So, application updates are no longer about functionality, they’re also about security. Antivirus is critical, but it’s just one of many third-party applications.

6. Office 365 Shops Should Check Their Secure Score

In a corporate environment, companies really are paying more attention to how they lock down Office 365. They need to make sure data isn’t leaked and that business units aren’t sharing data to other business units. Microsoft data loss prevention can help, but it’s just another tool to configure. The question is: are your systems configured correctly?

7. Make Sure You Have a Documented Desktop Configuration Policy

Make sure you’ve got a good security policy for dealing with access to your common desktop. Is the user allowed to do anything they like? Or is it cut down? Do you have a VPN access policy, and what is it? What is your policy for identity and authentication?

8. Use Multi-Factor Authentication

Definitely consider multi-factor authentication (MFA). MFA is very practical now, with fingerprints, facial scans, etc. Biometrics really has changed the game, though other forms of secondary authentication are fine. The main thing is don’t rely exclusively on usernames and passwords anymore.

9. Have an Incident Response Plan in Place

Your company should have a set of procedures in place for the “what if” scenario. This way, you are prepared if you get hit with malware, if there’s a disaster, or if there’s some kind of data breach. If you have a plan already, “you don’t run around like a headless chicken,” as Andy puts it. You need to flip over to “Okay, right, there’s a procedure for that; let’s deal with it.”

10. Have Employees Sign a Security Awareness Agreement

Social engineering is the biggest hammer cyberattackers have. Over 80 percent of breaches come from within a company. It’s not that employees are evil, they don’t usually mean harm. Andy jokes, “Stupidity. There’s never a patch for stupidity.” But, really, he knows all the people at your company are smart — just lacking training.

Learn more!

The podcast goes into more detail about MDM, the cloud, and other security topics. Plus, Andy answers the question, “Would you rather be able to see 10 minutes into your own future or 10 minutes into the future of everybody else?” You can also follow Andy at andymalone.org and on Twitter @andymalone.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store



Inventors of the world’s first smart-scaling systems management technology for enterprise IT professionals. www.adaptiva.com