How to Lock Down Windows 10 for Watertight Security

Worried about your online and offline security? You have all the reasons in the world to be! Hardly a day goes by without a new hacking controversy, with people and their computers getting heavily compromised.

The perils of the always-connected era.

But protection is always better than cure, the saying goes.

And luckily, there are a number of security precautions you can take on Windows to ensure that you are as protected as you can be. And in this detailed guide, we will learn the tips and tricks you need to lock down your computer and close the door on snoopers, hackers, malware, and other online threats to your privacy and security.

Let’s begin.

Tightening up your Security

The goal of this guide is to tighten up the security of your computer, home network and your Internet connection, encrypt your connection using a VPN and discover the best practices for secure web browsing, email and chat.

You will also learn how to you implement a foolproof password management system. Plus, a section on how to switch to two-factor authentication for even greater protection.

It’s divided into 10 easily digestible segments, each briefly outlining what you can do to keep that aspect of your computer usage secure — all for the good cause of keeping your personal information and private data safe and protected.

And while this article has been written with Windows 10 in mind, many of the strategies discussed here apply to earlier versions of the OS. In fact, almost all of the software and services mentioned here work perfectly fine in older variants of the operating system, particularly Windows 7 and 8.1.

Malware Protection for PC

First thing first. Protecting your computing experience starts with securing the computers in your home. For this, take a look at your security software. If you are using Windows Defender, we recommend switching to something stronger.

Tons of capable security suites are available.

avira security suite

But Avira Security Suite is an excellent choice if you are happy to rely on free protection. It’s lightweight, easy to use, and includes built-in protection against Potentially Unwanted Programs (PUPs). You also get an optional browser plugin that protects your web searches and provides protection against dodgy websites is also available. And thankfully, Avira Antivirus is also less intrusive — you can completely switch off those popups that offer you to upgrade.

Overall, this is a program that matches the protection on offer with commercial products from the likes of Bitdefender and Norton.

Whatever security software you have installed on your PC, it’s never a bad idea to go one step further and set up an additional layer of protection. For extra help, you need something to root out infections that your main security software may miss.

MalwareFox Antimalware

Install MalwareFox Anti-Malware, and scan your system at least once a week. Or upgrade to the premium version for real-time protection against a wide range of threats.

Speaking of premium versions, keep an eye out for those frequent 50% off deals that many security vendors run throughout the year. Simply purchase them and apply them to your program once your subscription nears end.

Ransomware protection is a bit tricky, though.

Most free antivirus programs don’t offer any protection against these types of threats. This is a nasty malware that sneakily encrypts data on your hard drive, demanding you to pay a hefty ransom to get access back to your files — usually in the form of cryptocurrencies like Bitcoin.

The best way to protect yourself is to regularly backup your data, onsite and offsite, on the cloud and on an external hard drive.

That said, a paid premium security solution is well worth the investment.

Strengthen Firewall and Monitor Connections

If you decide to use free protection, chances are you will end up relying on the Windows Firewall. It comes with all you need to close the doors to hackers. Though interestingly, it doesn’t use all its features fully as it should.

That is to say, while Windows Firewall monitors the incoming traffic from the Internet for potential threats, it lets through all outgoing traffic from applications without a hitch — a recipe for disaster, if ever there was one.

Tinywall Firewall App

So, if you don’t have a third-party firewall installed, then TinyWall is the program you need.

This program basically gives you a way to use Windows Firewall as a two-way firewall. You will need to configure and train it to get it working and recognize your applications. Meaning, it will take some time before all your software is added to the whitelist and working correctly. But once you do that, TinyWall will recognize the application you trust and let it through.

Sounds like too much of a hassle? Look for a paid solution.

  5 Best Firewall Programs for Windows 10

But when it comes to free applications, this program offers everything you need to lock down the gates of your system. It even comes with intelligent auto learning features, exceptions, sharing settings and sharing folders so you can link to the shared files and folders on your system.

On the flip-side, tinkering with these settings also lets you learn the ins and outs of network connectivity and system management.

How to Protect Important Files

Personal files are priceless. But managing them is not free of stress. This is doubly true for laptop users who are on the move and take their PC on the road. The fear of what happens if their device is stolen is something that is always on the back of their mind.

The answer to this is to encrypt files.

There are a number of ways to go about this, depending on where and how your data is stored.

  5 Best Cloud Backups for Windows 10

If you carry your files around on a USB flash drive, the easiest way is to create a container that you can use to place your most sensitive files. This encrypted container will be protected by a password. Supply the correct password to unlock the files within what will be a virtual disk drive. Otherwise, they remain hidden. Anyone that tries unauthorized access will find the data scrambled.

rohos mini drive

Rohos Mini Drive is the tool you need. The free version lets you create virtual drives up to 8GB in size, which should be more than enough for most users.

You can also go a step further, and encrypt your entire machine.

bitlocker

Windows 10 Professional has BitLocker, a drive encryption feature. Simply search for it form the Start Menu and set things up. Windows 10 Home users are out of luck when it comes to a native encryption option. But they can just as easily use VeraCrypt to encrypt their data. This program can either create encrypted volumes of locally stored data, or encrypt entire drives and partitions.

Goes without saying that you will need to take care to properly set up and manage your encrypted data, as forgetting the password details means saying goodbye to your files.

  8 Best USB Encryption Software

Encrypt Data on Cloud Storage

Use the cloud to back up your data? You may be concerned about its security. While all cloud providers promise to encrypt your data for privacy reasons, not many are upfront about the kind of encryption they offer. Few, if any, offer you the keys to keep for client-side encryption.

e-share

The solution is to encrypt your data locally before uploading to the cloud. VeraCrypt users, for example, can simply create an encrypted volume inside their cloud folder and store sensitive data there. Now this, obviously, does not work if the primary use of your cloud service is to sync data between your various devices. For this, you will need a solution that allows you to access your data on whatever platform you are working on.

ncrypted cloud logo

A few options exist for this, but perhaps the best one is nCrypted Cloud.

Install and set up your account, then connect your cloud providers. All the major ones are supported, including Dropbox, Box, OneDrive and Google Drive. Simply choose the folders that you want to encrypt and install the apps on your other computers and mobile devices to get secure access to your files.

It is both unlimited, and free for personal use.

Lock down your Router

Your router is the gateway between your home and the outside world that is the Internet. For this reason, it is important to carry out administration and strengthen its security to prevent drive-by hackers that remotely target routers that have left the default password in place.

Managing your router via your web browser is easy.

router login screen

You simply need to enter its IP address into the address bar. If you don’t know what your IP address is, find it out via the Network and Internet section in Settings. The Default Gateway will be the IP address of your router. Type it into your browser and you will see a status or login page.

Consult the documentation of your router or visit its website to find out the default login details, and use them to gain access to your panel. Inside, update the password to a strong one, and be sure to keep the new password safely written down somewhere.

Shield your Wi-Fi

With the router password updated, it is now time to protect your Wi-Fi network. Confirm that your router has already set up encryption, ideally with AES. Changing your network password is also a good idea while you are at it, though, you will need to reconnect all your wireless devices.

  How to See Who’s on Your WiFi

But it’s worth it to kick off any unauthorized devices that might have been using your network without your knowledge.

mac address

If your router supports MAC filtering, you can lock down your wireless network further. This will mean that it will only accept connections from devices that have specific MAC addresses. To do this, first identify the MAC address for each device you own, and write it down. You will usually find this under the network settings option. Enter the address one by one and allow devices with MAC addresses that match.

Advanced users among you may also want to open up ports manually for applications and devices that connect to the Internet.

advanced IP scanner

You might also want to keep an eye on what’s connect to your home network. Download and run Advanced IP Scanner to spot snoopers or hackers. This program will list all the currently active devices that are using your network. Identify unknown devices by using the manufacturer field if the name doesn’t give you any clues.

Keep scanning for suspicious devices from time to time.

Boost Security on the Web

Let’s now get down to the business of protecting yourself online. Starting with the DNS server, which is what is used to translate web address into their actual IP addresses. Normally your ISP provides you with DNS server. But as you can imagine, this is not the best choice for performance and security reasons.

Alternatives like Cloudflare DNS not only apply more security checks to validate web addresses, you even get features like parental controls and identity theft protection.

hacked dns

Public hotspots can be another menace. While it may be tempting to connect to public wireless hotspots that don’t ask for passwords, the problem is that they are often completely open — anyone can eavesdrop on you or your activities.

This is where a VPN comes in. A virtual private network creates a tunnel through a public network that is then used to connect you to the Internet. All the traffic to and from is encrypted.

opera web browser

If you only want to browse the web, then the Opera web browser is a good bet. It comes with its own secure VPN. To widen this to all your network traffic, you can subscribe to a VPN service. The free version of CyberGhost VPN is a solid solution, offering unlimited data but slow performance.

Plenty other services are available, though.

https everywhere logo

Another good idea is to connect to websites securely using the secure HTTPS protocol, rather than the insecure HTTP one. It’s hard to always remember this when typing web addresses or taking note when clicking on links, so download and install the HTTPS Everywhere addon. This open-source extension will automatically try to connect to the secure versions of websites.

Ultimately, the real trick of staying safe online is to avoid dodgy websites. Modern web browsers are smart at detecting and diverting you away from these dangerous sites. Good security programs also offer browser toolbars that you can use to search the web securely.

Safe Emailing and Secure Chatting

Email is a similar story. It pays to avoid clicking any links in your emails. Instead type the URL into your web browser directly. This will ensure that you will only end up visiting the location where you think you should be going.

Tools like Mailwasher and PopTray are recommended for screening messages before they land on your PC. Use them to scan email attachments before you they download on your computer and take care not to open the ones that fail security checks.

You can also encrypt your email. If you use Thunderbird, you can download and install the Enigmail plugin to accomplish this. Setup is a tad complicated, but well worth the time if you deal with sensitive information via emails.

retroshare

Likewise, it’s never a bad idea to chat securely with your contacts. While instant messaging applications like Skype are fun to use, they are not exactly secure. Look into alternative solutions to encrypt and secure your communications. Retroshare is a good one, or use Jitsi, which supports a number of different messaging platforms.

Beef up your Passwords

Despite industry efforts to the contrary, we continue to rely on passwords to secure our online and offline accounts. Sad truth is that this presents hackers and identity thieves with an opportunity to crack your passwords.

And often times when they crack one, they break your other passwords, too.

The only way around this is to create unique and complex passwords for each account that you are using. A blend of uppercase and lowercase characters, numbers and symbols should do the trick.

The only problem? Remembering all of them.

A good password manger is worth its proverbial weight in gold here. A bunch of these password management tools are available that will not only generate strong random passwords for you, but also protect them behind a single master password. Log into the password manager with that, and the rest of your passwords become available — for all your sites and services, software and setups.

The more paranoid among you can even store your passwords online. Though most will trade off this security for the convenience of a solution that works online.

keepass

If you fall into the former camp, then look at KeePass. It stores everything locally, behind a master password. An extra layer of protection is also available in the form of a key file that you can store on an external disk or drive. The program is also portable, meaning you can store all your passwords on a USB flash drive and take them with you on other computers.

The downside to all this is that it only works on PC. So, if you want access to your passwords on your mobile, you will need to be within reach of your machine to view them.

Enter LastPass, with a similar feature set and oodles and oodles of convenience. You can install apps on your devices, even use browser plugins to easily log into sites. It works with any service you can access through your browser, making this a good option for your router and any servers that you are hosting locally. To top it off, it not only syncs your passwords across all your device, the service also lets you do a security audit to check for any weak passwords or compromised accounts that you may have.

And the best part is that all this impressive functionality is available for free.

lastpass

Alternative password managers also exist, which work across all your device and browsers. 1Password, for example, is another good choice that is available for Windows and Mac, Android and iOS. Web browser plugins are also offered.

Good password management is one thing, but it is of little use if your password is leaked. Even the strongest passwords can be guessed, and online services often get hacked. Perfect time for multifactor authentication to enter the picture.

Go Multi-Factor authentication

Implementing two-step verification or multifactor authentication is about as secure as you can go these days. This, essentially, adds an extra step when logging into accounts on new devices, an extra layer of security by checking your identity — usually via mobile devices.

It can be as simple as an email notification. But you can also deploy a solution that requires your smartphone or tablet to be at hand. The latter option is the best, as it will require you to have your physical device to verify the request.

authy

Often, you will need to install an authentication application, or receive a code via text message that is then tied to your account. The free LastPass Authenticator app serves well here, as does Authy. Both solutions are packed with features. Just be sure to set up a PIN code for when your smartphone or tablet gets stolen or you lose access to it. This will allow you right back in, in case of emergencies.

Most services that offer multifactor authentication also offer what is known as one-time passwords. OTPs are passwords that you can use in place of regular passwords to log into an application or device. Find and set them up in the settings, and all should be well.

A Life, secured

Securing your digital life involves multiple measures, and a few compromises. But with the increasing reliance on online services and storing memories and personal information on computers, every step you take will pay off in the end.

For, in the long run, no one but you can keep yourself safe.

3 thoughts on “How to Lock Down Windows 10 for Watertight Security”

  1. If your goal is truly security, then this article misses the mark by not mentioning the importance of patching, and the need to stop using accounts with admin privileges when using the computer. Many of the malware attacks today will need to leverage one or both of these vectors to succeed, and you’ve done your readers a disservice in not mentioning them.

  2. I am curious, my work computer will NOT connect to any of your pages for security. It says that you originate in Bulgaria, don’t laugh my father was born in Sofia. Oh well please respond because I have found your pages helpful.

Leave a Comment