How do I make my Windows OS device more secure?
Answer
For Windows computers, we’ll go over the following kinds of security in detail: physical security of the device, security of the device’s data, and access management.
Windows Access Management
Set a Strong Computer Password
It’s very important to have a strong passcode. It’s your computer’s first line of defense. A strong computer password contains uppercase and lowercase letters, numbers, and symbols.
If your Windows computer is bound to Active Directory (for all faculty & staff computers issued by the college, this is or will be true), then your computer user password is also your Carthage password. If your Windows computer is not bound to Active Directory, then you can set your own computer password.
To Change your Computer Password (Windows 7)
- Click the Start Menu.
- Search password in the Start Menu’s search field.
- Select Create or remove your account password from the list of search results.
- If you don’t have a password yet, create one. If you do, but it’s not a strong, alphanumeric password, give yourself a new, stronger password.
- You’re done.
To Change your Computer Password (Windows 8.x, 10)
- Click the Start Menu.
- Search password in the Start Menu’s search field.
- Select Sign-In Options from the list of search results.
- If you don’t have a password yet, create one. If you do, but it’s not a strong, alphanumeric password, give yourself a new, stronger password.
- You’re done.
Lock your Screen
It’s best practice to lock your Windows device’s screen if you’re going to leave it unattended for any amount of time. That way, if someone tries to use your computer (or steals it), they can’t get access to your personal data, or any of the college’s sensitive data that might be stored locally on your computer.
To Lock your Screen (Windows 7, 8.x, 10)
- Use the key combination Windows key + L key
- Use the key combination Ctrl + Alt + Delete > Select Lock Screen from the list of options.
Windows Device Security
Physical Security: Kensington Locks
Most, if not all, of the Windows computers that Carthage issues have Kensington lock slots on them. If you’re going to leave your computer unattended for any stretch of time (e.g., in your office overnight, at your hotel when you’re traveling), you should lock up your Windows computer to prevent theft.
Windows Data Security
Data Encryption via BitLocker
The College’s license agreement with Microsoft gives us access to the Enterprise versions of Windows 7, 8.x, and 10. Enterprise versions of Windows have BitLocker included for free.
If you store PCIs on your Windows computer, your Windows computer must be encrypted with BitLocker and LIS must have a copy of your recovery key.
All new faculty and staff machines will be issued with BitLocker encryption enabled by default, and LIS will store a copy of your recovery key, in case of emergency.
To Enable Bitlocker...
- Click the Start Menu.
- Search bitlocker in the Start Menu’s search field.
- Windows 7: Select BitLocker Drive Encryption from the search results.
- Windows 8.x, 10: Select Manage BitLocker from the search results.
- Follow prompts, and always keep a backup of your encryption Key off-device.
- You’re done.
System Security with Automatic Updates
It’s important to keep your computer’s software up-to-date. The operating system, programs you use, and extensions to those programs (e.g., browser plugins) are all vectors for attack and are regularly patched by developers. Where possible, it’s a good idea to turn on automatic updates.
In Windows 10, Microsoft mandates automatic updates, but in previous versions of Windows, you might not be totally up-to-date. It’s important to stay one step ahead of hackers.
To Enable Automatic Windows Updates in Windows 7...
- Click the Start Menu.
- Search update in the Start Menu’s search field.
- Select Windows Update from the search results.
- Configure Windows Update to run automatically.
- You’re done