Choose your topics

What is Risk Management in Cybersecurity?

Let’s explore the essentials of risk management in the context of cybersecurity to help you understand how to identify, assess and mitigate cyber threats effectively.

Cyber Risk Management Enterprise Risk Management
3 Best Practices for Data Privacy

With more technology comes more data, and with that a greater need for data privacy enforcement. What best practices should you be following?

Data Privacy
How to Prioritize Your Third-Party Risks

How can you prioritize effectively and enhance your organization’s security posture? Here are our top tips for setting up realistic, sustainable processes.

Third-Party Risk Management GRC
Top Tips to Save Time When Assessing Third-Party Risks

Is assessing third-party risks taking up too much of your time? How can you make the process more effective and efficient? Find out in the latest post from SureCloud.

Third-Party Risk Management GRC
The GRC Trends to Look Out for in 2024

Our GRC experts at SureCloud share their 2024 predictions for the world of governance, risk and compliance.

The Top 5 Challenges of Third-Party Risk Management

With the supply chain now seen as a legitimate attack path, what can your organization do? Let’s explore 5 challenges of TPRM and how to overcome them.

Third-Party Risk Management GRC
What is Third-Party Risk Management?

What is third-party risk management and how should you approach it? Find out in this post.

Third-Party Risk Management GRC
Questions You Should Ask when Preparing For Your First Pen Test

Understand the processes that you and your chosen pentest provider will travel through for your first pen test, from the initial point to the day the test starts.

Penetration Testing
TPRM Blog 6-Writing Clear Questions

Our GRC Practice Director explores the importance of clear communication and how to achieve it in your third party questionnaires. Read more here.

Third-Party Risk Management GRC
Vector (7)
Cyber Security

Windows 10 Privacy: What do I need to consider?

Windows 10 Privacy: What do I need to consider?
Written by


Published on

20 Aug 2015

Windows 10 Privacy: What do I need to consider?


The 21st century has an ever changing demand for new technology which is faster and more innovative than its predecessors. Modern advancements in technology mean that science and technology are at the forefront of debate.

The release of Windows 10 on  29th July 2015 could not have come at a more opportune moment, just a week before security consultants from around the world gathered in the desert playground of Las Vegas for the Black Hat USA, Def Con and Bsides LV conferences. With recent security flaws hitting the headlines and one of the globes biggest software companies releasing its latest version the spotlight understandably shifted to ‘how secure is Windows 10’?

Windows 10

So a month after the launch, what does the world know about Windows 10 and how secure it is?  From a privacy perspective, it’s not immediately obvious to users exactly to what extent their user data is or is not being shared after upgrading to Windows 10.

Unfortunately, privacy can no longer be guaranteed in today’s digital age as Microsoft has joined the likes of corporate giants such as Google, Apple and Facebook in accumulating increased volumes of user information. Windows 10 by default gives itself the right to pass on user information to Microsoft Servers and use an individual’s bandwidth for Microsoft’s own purpose, in order to profile a user’s Windows 10 usage.

A prime example of this is Microsoft Privacy Policy, which is included in the Windows 10 end-user licence and applies to everything you do on a Windows Operating System, online or offline. Out of the box and if all default settings are chosen, Windows 10 is designed to monitor activity such as input and speech so it can personalise the user experience. In the most part this is great but it does raise security and privacy concerns.

Users may therefore want to opt out of serving up their user information on a plate and despite some Windows 10 features being impacted, it will provide the more privacy-conscious user with some piece of mind.

Following initial analysis of Windows 10, here are some tips to enable users to limit the information they share.

Installation – Custom Install Settings

When upgrading or installing Windows 10, there are a number of additional options if you select the ‘Custom Install’ mode rather than the default ‘Express Install’This allows the user to make changes to the installation and turn off certain functions which may impact their privacy. For example, within the ‘Customize Settings’ dialog there are several key options which users may wish to disable :-

There are also additional ‘Customize Settings’ options> Users may wish to turn these off as well with the exception of ‘SmartScreen’.

Windows 10 Settings to Disable

Once the upgrade has completed (or if you have already upgraded), there are some additional privacy related options which you may wish to review and disable. Equally, you may wish to review the privacy settings to ensure that are all set correctly.

Within the Settings menu (type “settings” into the handy search box on the taskbar next to the Start menu), navigate into the ‘Privacy’ area.

General Settings to Disable

In the ‘General’ tab users may wish to turn off everything apart from the ‘SmartScreen’ filter.

Location Settings to Disable

In the ‘Location’ tab you may wish to turn off location tracking altogether or be specific about which applications have access to your location to help protect your privacy.

Account Information to Disable

In the ‘Account Info’ users can stop applications from being able to access their name, picture and other account info.

Messaging Settings to Disable

In the ‘Messaging’ tab you can prevent applications from being able to read/send messages or control which apps can.

Other Devices to Disable

In the ‘Other Devices’ tab users can disable their Windows 10 devices from automatically sharing and syncing information with wireless devices that haven’t been explicitly paired with the PC, tablet or phone. This is a key setting to disable, not so much for privacy but for wider security of your system and data.

Feedback & Diagnostics Settings to Disable

In addition, it is a good idea to disable automated feedback data to help protect privacy and also limit the volume of diagnostic and usage data that is sent to Microsoft.

Account Settings to Disable

If you want to help protect your privacy even further, consider not using a Microsoft account. You’ll lose a lot of the cloud benefits such as syncing of settings with Skydrive but in turn most user information will remain local to an individual’s PC.

Other Key Privacy Issues to Consider

Cortana ‘Speech, Inking & Typing’ privacy option

Microsoft’s new challenger to Siri, the Cortana personal assistant, and Edge browser are designed to take advantage of as much personal information as possible in order to customize user experience. You can be rid of Cortana (well almost) by selecting the ‘Stop getting to know me’ options within the ‘Speech, inking & typing’ privacy options. However, to fully clear Cortana’s history you’ll need to visit your online account and remove the information. This in turn will help protect your privacy but requires a handy piece of software engineering.

Disabling ‘WiFi Sense’

Microsoft’s ‘WiFi Sense’ aims to automatically connect users to nearby Wi-Fi networks it trusts, which in itself it not something new, but what’s interesting is the option to share password-protected WiFi access with any of your contacts, allowing them to access your network without needing a password. Privacy related concerns again relate to the Microsoft Servers that store this data or even stored hashes, somewhere on the device itself. There has been a lot of controversy about this feature in the media, so for the moment at least it’s a good idea to disable this within ‘Manage Wi-Fi Settings’.

Final Thoughts

Whilst Windows 10 brings a number of great enhancements and improvements to Windows 7 and 8, it also appears to share ‘out of the box’ a lot more than you may be expecting to ‘enhance’ the user experience. Those who are conscious of their privacy in this fast-paced and rapidly growing online world, where user data seems to be compromised on a daily basis, may want to choose exactly what they are sharing with Microsoft, or anyone else for that matter.


Microsoft. (2015).  Privacy Statement.
Microsoft. (2015). Microsoft Services Agreement.
BlackHat USA. (2015).
Defcon  (2015).
Bruce Schneier (2015). Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. USA: W. W. Norton & Company
Jeff P & Chris S. (2015). Fiat Chrysler Knew of Hacking Risk 18 Months Ago.…
Guardian. (2015).  Windows 10: Microsoft under attack over privacy Statement. Available: