Ransomware, outdated programs with unpatched security flaws, and your own negligence can make a Windows 10 PC vulnerable to potential security attacks.

That said, Windows 10 is still the most secure version of the OS released by Microsoft to date. But, as they say, in cybersecurity, there is no such thing as too much security. So, here is a checklist of best practices to help you make your Windows 10 PC more secure and reduce the risk of potential attacks.

1. Uninstall Flash From Windows 10

Adobe Flash has reached its end of life and for good. Plagued with multiple security issues that required consistent patches to run, most modern browsers stopped supporting Flash content long ago.

If you had Flash installed and haven’t removed it yet, it is time. Apart from freeing up some space on your computer, uninstalling it will help you prevent potential security threats to your PC due to new loopholes.

Uninstall Flash with Windows Update (KB4577586)

Windows Update KB4577586: This update removes Adobe Flash Player installed on your computer. Microsoft has released it as a cumulative Windows update. If you don’t have this patch installed yet, you can manually download it from the Windows Update Catalog.

Windows KB Update to remove flash

Run the update and follow on-screen instructions. Once installed, it will remove the Flash Player from your PC.

Use the Flash Player Removal Tool

Adobe provides an easy way to uninstall its Flash Player from Windows computers via a dedicated Flash removal tool. To use the tool, download it to your computer and save the installer.

Adobe Flash removal tool

Before you run the installer, make sure to close all programs, including the browser that uses Flash. Next, run the installer and click Yes when prompted by UAC (User Account Control). Finally, click Uninstall and then Restart to remove the files.

After the restart, Press the Windows key + E key to open File Explorer. In File Explorer, copy and paste the following path to navigate.

C:\Windows\system32\Macromed\Flash

Delete all the files in this folder. Next, Repeat the steps by opening the following locations.

C:\Windows\SysWOW64\Macromed\Flash

%appdata%\Adobe\Flash Player

%appdata%\Macromedia\Flash Player

Now that you have got rid of Flash from your PC, let's remove it from your browser as well. Even though modern browsers do not support flash content, your browser may still have the Flash plugin enabled. Here's how to remove Flash from your browser.

Disable Flash Plugin in Web Browser

Google Chrome 

  1. Open Chrome and click on the Menu. Then choose Settings from the options.
  2. Next, open the Privacy and Security tab from the left pane. Scroll down and click on Site Settings.
  3. Scroll down to the Content section, click on Flash and disable it.

Mozilla Firefox

  1. Launch Firefox, enter About:addons in the address bar, and hit enter.
  2. Open the Plugins tab from the left pane and locate the Flash add-on. Then click the drop-down button and set it to Never Activate.

You don't need to disable flash on your Chromium-based Edge browser as it comes disabled by default. The Flash option may not be available on the latest version of Chrome and Firefox. In that case, you don't have to disable it manually.

2. Create a Restore Point

Think of Restore Points as a snapshot of your system that lets you revert Windows to its last working state by undoing system changes. While the feature is available on all versions of Windows, you need to enable it from System Properties to put it to work.

Windows automatically creates a restore point when you install a new piece of software or Windows update. However, before making a major change to your systems, such as editing registry files or hardware changes, it is better to create a restore point manually.

Enabling and creating restore points is easy. However, if you want to enable daily restore points in Windows 10, it is a little tricky. To achieve this, you need to tweak some Group Policy entries for Windows 10 Pro and registry entries for Windows 10 Home users.

3. Enable BitLocker Encryption

Windows 10 Pro and Enterprise versions come with an inbuilt disk encryption tool called BitLocker. This data protection feature integrates with Windows and protects your data from theft or unauthorized access by encrypting the storage drive.

BitLocker uses TPM (Trusted Platform Module) version 1.2 or later to help protect your data offering optimal security when the system is offline. On non-TPM systems, you must use a USB startup key or PIN to start the encrypted computer or resume hibernation.

If you are on Windows 10 Home, there are some excellent alternatives to BitLocker to consider. Irrespective of the encryption tool you decide to use, full disk encryption is a must for end-point protection.

4. Install Apps From Known Sources

Installing apps from third-party sources or outside the Microsoft Store can be risky for new users. To minimize the risk, you can configure Windows 10 to alert you when installing an app that’s not from the Microsoft Store.

Set up where to get apps

Here’s how to do it.

  1. Click on Start and choose Settings. Then, choose Apps from the Settings window.
  2. Click the drop-down menu under Choose where to get apps, and select Anywhere, but warn me before installing an app that’s not from Microsoft Store.

5. Avoid Pirated Content

Pirated content such as movies and paid software are common sources of malware. When downloading any software, media contents, or documents, make sure to download from the trusted sources. Trusted sources include Microsoft Store and official software developer store and redistributors.

6. Keep Windows 10 and Other Apps Updated

Microsoft has enabled automatic updates for Windows 10. Yet, due to the horror stories related to automatic updates, some users may choose to delay Windows updates.

Update Windows 10

That said, it is critical to install security patches to protect your system from security threats. Even if you are running anti-malware software, new loopholes are discovered every day.

Apart from Windows updates, ensure all apps installed on the PC are up to date. Legacy applications are more prone to cyber-attacks. Installing updates will ensure you have the latest security patches and also bring performance improvements.

7. Remove Unnecessary and Unused Apps

It is common to have apps that you haven’t used in years. Apart from taking up precious storage space on your SSD, unused programs can be a security risk if a new chink is discovered.

To uninstall unused apps in Windows 10, click on Start and type control in the search bar. Then, click on the Control Panel to open it.

Uninstall Windows 10 apps

In the Control Panel, go to Programs and open Programs and Features. This will populate the screen with all the installed apps.

Go through the list, select the app to remove, and click Uninstall. Repeat this with all the apps that you want to remove.

8. Enable the Control Access Folder

Control Access Folder is part of Microsoft Defender Antivirus. This optional tool offers protection against ransomware attacks by preventing malicious software from encrypting your data and making unwanted changes.

When enabled, it can monitor any apps trying to modify the files in the protected folder without authorization. It will block the attempt and alert you of suspicious activity.

Here’s how to enable Control Access Folder in Windows 10.

  1. Click on Start and choose Settings.
  2. Open Updates & Security.
  3. Click on the Windows Security tab from the left pane.
    Windows 10 Security
  4. Click on Virus & threat protection under the Windows Security section. This will open the Windows Security window.
  5. Scroll down to Ransomware protection and click on the Manage ransomware protection link.
    Windows 10 Ransomware protection
  6. Toggle the switch to enable Control Folder Access. Click Yes when prompted by Windows Security to confirm the action.
    Content Access Folder Windows 10
  7. To add folders, click the Protected Folders option. Click the Add a protected folder button, choose the folder and click Add folder.

After you have added the folders, the anti-ransomware feature will monitor the new locations for suspicious activity. Click on the Block history link under the Controlled Folder Access section to view all the blocked actions.

9. Separate Personal and Work Computing

A single device for personal and work use is easier. However, if you are using a laptop that your company controls with administrative access, privacy will always be a concern.

Also, a compromised work computer could breach both your work and personal data (or vice versa). So, it is best to keep personal and professional data on separate devices.

It's Always Good to Err on the Side of Caution!

Keeping your computer secure doesn't have to be cumbersome. Fortunately, Windows 10 has plenty of optional security features that can help you avoid potential attempts to steal sensitive information.

But that's not it! There are plenty of other ways to secure your computer as well. Enabling the firewall, installing third-party antivirus and security solutions, using VPN, and two-factor authentication can help you secure your Windows PC and give you peace of mind.