Making sure that you stay safe and secure when you use your computer at work is not just good for you, it’s good for business. Here’s how you can contribute to a safer and more secure workplace.
Stay up to date: Make sure that you are receiving automatic updates from Windows Update, and that you install any updates that your company requires. Keeping Windows, Microsoft Office, web browsers, and other software up to date will help protect your computer and your company.
Install with caution: Avoid installing any software from outside your workplace that is not approved or administered by your company. Unauthorized programs have the potential to create security vulnerabilities.
Use Windows Hello for authentication: You can sign into Windows more securely using Windows Hello facial recognition, fingerprint, or PIN. See Learn about Windows Hello and set it up.
Keep strong passwords: If you must use a password, use a strong one. A strong password is at least 13 characters or more, and contains a combination of uppercase letters, lowercase letters, numbers, and symbols. Do not reuse old passwords or passwords that you're using in other places. For more password tips, see Protect your passwords.
Click carefully: Be mindful of suspicious links. They can appear in email, tweets, posts, online ads, messages, or attachments, and sometimes disguise themselves as known and trusted sources. See Protect yourself from phishing.
Beware of public Wi-Fi: If you connect to an unsecured Wi-Fi network with a company device, you’re putting yourself and your company at risk. Find out if your company has a virtual private network (VPN) that you can access when you need to use Wi-Fi away from the office.
Store your data safely: If your company provides a resource for storing your work such as OneDrive for Business, or SharePoint, you should use that whenever possible rather than storing work only on your local computer. By saving your files on company resources you can be more confident that they're securely backed up and always available, even if your local device gets damaged or stolen.
Ring the alarm: If you’re using your computer and notice something strange, let your company’s IT department know about it. They may need to take action to identify and contain the issue. This helps ensure that your company network stays secure. If you have been victimized by a scam or your files are held by ransomware, avoid dealing with the scammers directly.
Browse the web safely: Avoid visiting sites that offer potentially illicit content. Many of these sites install malware on the fly or offer downloads that contain malware. Use a modern browser like Microsoft Edge, which can help block malicious websites and prevent malicious code from running on your computer.
Be on the lookout for scams: Some scammers search social media for employment information and send emails that appear to be about work-related transactions. Be careful when responding to or acting upon unsolicited communication whether through email, phone, or SMS. The FBI regularly warns about business email scams and provides contact information for complaints and reports.
Avoid sharing work-related info on social media: Sharing too much detail about your work responsibilities and contact information on social media can attract scammers. They might leverage this information to send you targeted scam messages that appear legitimate.
Also, before sharing any photos on social media look closely to make sure there isn't something in the background of the photo - such as usernames or passwords, names or addresses, confidential information - that shouldn't be shared publicly.
Protect physical devices: Removable drives and mobile devices, including laptops and cellphones, are easily stolen along with all the data they contain. Keep these devices safe and stored properly, especially when using them in cafes or leaving them in your car.
Any device with sensitive data on it should be encrypted. See Turn on device encryption for more information.
Working from home? See Top tips for working more securely from home.
Prevent and remove malware with Windows Security
One important step toward greater workplace security is to protect your computer against malware. Windows Security (or Windows Defender Security Center in previous versions of Windows) is built-in to Windows and provides real-time malware detection, prevention, and removal with cloud-delivered protection. For more info, see Help protect my device with Windows Security.
Microsoft Defender Offline
Microsoft Defender Offline runs outside of Windows to remove rootkits and other threats that hide from the Windows operating system. This tool uses a small, separate operating environment, where evasive threats are unable to hide from antimalware scanners.
Since Windows 10, Microsoft Defender Offline is built-in to the operating system and can run from Windows Security. It is provided as a separate download for previous versions of Windows.
Microsoft Safety Scanner
If you're still running Windows 8 then the Microsoft Safety Scanner provides full and comprehensive on-demand antimalware scans. It offers robust offline scan and cleanup capabilities. However, it does not provide the real-time and cloud-based protection that is available with Windows Security.