Windows 10 Privacy and Security: Top Tips to Protect Your Small Business

If you install the new Windows 10 operating system onto company devices using ‘Express’ settings, Microsoft override a swathe of preferences that you may have made for good company reasons. Your default browser will be changed to the Microsoft Edge browser. Many companies gain valuable business intelligence using apps on the Chrome browser. Some of your personal information will be uploaded automatically to Microsoft servers.

That background data-sharing can be quite extensive. Some features that you would not expect, upload data to the internet. Information on your personal typing and handwriting habits is shared with Microsoft servers. According to Microsoft, this information is used to help their predictions engine.

Data uploads from login

The uploading of personal information begins at the login. Windows 10 wants you to login with a Microsoft account. You can set up a “local” account on your computer but then you lose the ability to install apps from the Windows Store and other functions. The free Microsoft account allows you to sync your different devices to share information easily. If you log on from another computer your familiar screen and preferences appear.

Personal information is gathered to teach Cortana – Microsoft’s version of Apple’s personal assistant Siri –about your habits and interests. It includes device location data, information from your calendar, email and text messages, as well as the apps you use.

Microsoft also assigns each new user a unique “advertising ID” to each account. The ID is tied to your email address and it can be shared by Microsoft with third parties who provide you with apps or other services. By relating the advertising ID to your web-surfing history and app use, Microsoft and its partners can deliver “personalised” ads to your computer.

To avoid this information upload – or at least to review what will be shared – choose a custom install of Windows 10, not the Express option. If you have already done an Express install, you can still disable some of the automatic options under ‘Settings/Privacy’, such as the advertising ID and the location tracking. Turning off ‘Location settings’ will affect some apps such as weather, maps and Cortana. You can allow or deny each app access to your location. Depending on the app, this may stop it from functioning.

Under ‘Privacy/Speech, Inking and Typing’ you can stop your device from learning about your habits by switching off ‘Getting to Know You’. You should also review the privacy settings of your Microsoft account.

Under the ‘Other Devices’ tab, you can turn off ‘Sync with devices’. (It can be used for advertising purposes, if that bothers you.)

You can also opt out of personalized ads in Microsoft Edge by going to the web page: to turn off “Personalised ads in this browser” and “Personalised ads wherever I use my Microsoft account”.

When less choice is more secure

Some of the features that feel like incursions into privacy may actually be sensible privacy or security protections. The ‘Wi-Fi Sense’ feature encrypts your Wi-Fi password and shares it with others. In reality, that is a security enhancement. Many business people are constantly sharing their wi-fi passwords with visitors to the office. But they have no control over what is done with that confidential information. Wi-Fi Sense stops it from being shared further. Under “Manage Wi-Fi settings” you can keep the Wi-Fi Sense feature private by unchecking all the boxes, if you wish.

Windows 10 only offers two Windows Update settings: install and restart immediately, or install and ask permission to restart. There is no “Do not install’ option. But security experts say that not keeping security features up to date is an open door to attackers. Offering a “Do not install” option would be a mistake.

When it comes to security, industry experts AVR, the IT security and mobility specialists, advise users to go even further than the safeguards that Microsoft provide:

“Whilst Windows Hello, Passport and Device Guard prove excellent new additions to the Windows 10 security infrastructure, we’d recommend taking the time to carefully configure the new OS before rolling the system out company-wide. Begin by auditing the privacy section; here, you can manage app permissions to ensure no insecure, third party apps are granted access to sensitive materials. Then, install trusted antivirus software to safeguard against viruses and associated malware.”

The operating system will certainly keep your IT department busy. Windows 10 comes with a new service model where Microsoft will release new service packs every few months. Big organisations especially may not welcome that kind of near-constant upgrading.

User-privacy versus the power of data sharing

Should you turn all these options off? Microsoft will argue, of course, that this level of data-sharing allows Microsoft to smooth your experience, predict your preferences and better protect your security. That is certainly true. Defenders even argue that the personal advertising ID ensures you receive advertising that is related to your interests. They also say that this level of personal information tracking and analysis is the industry norm now – Google, Facebook, Amazon and Apple are just as intrusive.

The power of information-sharing is weakened when data is considered too personal to share. Windows 10 sees your computer as a node on the internet and tries to deliver you the benefits of being part of that network. For example, Windows Update uses the community of Windows 10 computers (possibly including yours) as a file-sharing network to make updating more robust. You can turn the feature off, but apparently there are no privacy risks from it.

Microsoft’s policy documentation makes their preference for data-sharing pretty plain. It states: “We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services.”

That leaves me pretty unclear about when they won’t access, disclose or preserve my personal data.

It is arguably easier to switch off Microsoft’s data-sharing than the data-sharing products of rival companies. What is a little unnerving, is the cavalier assumption of permissions in the Express install option. Of course, Microsoft want people to opt-out rather than opt-in because they lose fewer customers that way. But this is our personal information and permission to share it should be treated more seriously than that.

Leave a comment