Home Security

Windows 11 Security Checklist for Home Users

You do not need to be a computer expert to keep your Windows 11 PC safe. This checklist covers the most important security settings, written in plain language. Most items take less than 2 minutes.

Get Help Securing Your PC

12security items to check

30 minor less to complete

95%of attacks are preventable

$0cost to implement

1. Turn On Windows Update (Auto) 2 min

Windows updates fix security holes that hackers actively exploit. Keeping your PC updated is the single most important thing you can do.

Open Settings > Windows Update
Click Check for updates and install everything listed
Make sure Get the latest updates as soon as they are available is turned on

Why it matters: Windows 11 installs updates automatically by default, but some users turn this off because updates require restarts. Leave it on. The risk of being hacked through an unpatched vulnerability is far greater than the inconvenience of a restart.

2. Make Sure Windows Security Is Running 1 min

Windows 11 includes Microsoft Defender, a built-in antivirus. It is good enough for most home users and you do not need to pay for a third-party antivirus.

Open Windows Security (search for it in Start)
Check for green checkmarks next to Virus & threat protection
Check for green checkmarks next to Firewall & network protection
Check for green checkmarks next to Device security

If you see yellow or red warnings, click on them and follow the instructions to fix them immediately.

3. Turn On Ransomware Protection 2 min

Ransomware encrypts your files and demands payment to unlock them. Windows has a built-in feature called Controlled Folder Access that blocks unknown apps from changing files in your Documents, Pictures, and Desktop folders.

Open Windows Security > Virus & threat protection
Scroll to Ransomware protection and click Manage ransomware protection
Turn on Controlled folder access

If a legitimate app gets blocked, you can add it to the allowed list from the same settings page.

4. Use a Strong Lock Screen PIN or Password 2 min

Anyone with physical access to your PC can access your files if there is no password set.

Open Settings > Accounts > Sign-in options
Set up Windows Hello PIN (minimum 6 digits, preferably longer)
Set up Windows Hello fingerprint or facial recognition if your PC supports it
Consider setting up a passkey at Settings > Accounts > Passkeys for phishing-resistant sign-in

A 6-digit PIN on Windows 11 is more secure than it sounds. It is tied to your specific device and locks out after a few failed attempts. Passkeys take security a step further by eliminating passwords entirely.

5. Turn On Find My Device 1 min

If your laptop is lost or stolen, this feature helps you locate it. It requires you to be signed in with a Microsoft account.

Open Settings > Privacy & security > Find my device
Turn it On

6. Review App Permissions 5 min

Apps can request access to your camera, microphone, location, and files. Review what you have allowed and revoke anything unnecessary.

Open Settings > Privacy & security
Scroll down to App permissions
Click through Camera, Microphone, Location, and other categories
Turn off access for apps that should not have it (e.g., a game does not need your microphone)

7. Turn On Two-Factor Authentication for Your Microsoft Account 5 min

If someone guesses or steals your Microsoft account password, two-factor authentication stops them from logging in.

Go to account.microsoft.com/security
Click Advanced security options
Under Two-step verification, click Turn on
Follow the setup steps using the Microsoft Authenticator app on your phone

8. Use a Password Manager 10 min

Using the same password on multiple websites is the most common way people get hacked. A password manager creates and stores unique passwords for every site.

Bitwarden

Free, open source

Edge Password Manager

Built into Microsoft Edge

Microsoft Authenticator

Manages passwords and passkeys

Install a password manager
Let it generate random passwords for your accounts
Change your most important passwords first: email, banking, social media

9. Be Careful with Email Links and Attachments

Most hacking starts with a phishing email. Before clicking any link in an email, check these warning signs.

Always Check

Sender address - does it match who they claim to be?
Hover over links - does the URL go where you expect?

Red Flags

Urgency language - "Your account will be closed in 24 hours"
Unexpected attachments - especially .exe, .zip, .js, or .docm files

If an email from your bank, Amazon, or Microsoft asks you to click a link and log in, do not use the link. Open your browser and go to the website directly by typing the address.

10. Back Up Your Files 3 min

If your PC breaks, gets stolen, or is hit by ransomware, your files are gone unless you have a backup. Use both methods for maximum protection.

Option A: OneDrive (Easiest)

Open Settings > Accounts > Windows backup
Turn on OneDrive folder backup for Desktop, Documents, and Pictures
Files are backed up to the cloud automatically

Option B: External Hard Drive

Plug in an external USB hard drive
Open Settings > System > Storage > Backup options
Turn on Automatically back up my files

The best backup strategy uses both: OneDrive for everyday protection, and an external drive stored somewhere safe for worst-case scenarios. If ransomware encrypts your files, it can also encrypt your cloud sync, but an offline external drive is safe.

11. Review Installed Programs 5 min

Remove programs you do not use. Unused software can have unpatched vulnerabilities that hackers exploit.

Open Settings > Apps > Installed apps
Sort by Install date
Remove anything you do not recognise or no longer use

12. Keep Your Browser Updated

Your web browser is your main exposure point to the internet. Ensure it is always up to date.

Microsoft Edge

Updates automatically with Windows Update

Google Chrome

Three dots > Help > About Google Chrome

Mozilla Firefox

Menu > Help > About Firefox

Quick Reference Card

Setting	Where	Time
Windows Update	Settings > Windows Update	2 min
Windows Security check	Windows Security app	1 min
Ransomware protection	Windows Security > Virus & threat protection	2 min
Lock screen PIN / passkey	Settings > Accounts > Sign-in options / Passkeys	2 min
Find My Device	Settings > Privacy & security	1 min
App permissions	Settings > Privacy & security	5 min
Microsoft account 2FA	account.microsoft.com/security	5 min
Password manager	Install Bitwarden or use Edge	10 min
OneDrive backup	Settings > Accounts > Windows backup	3 min
Remove unused apps	Settings > Apps > Installed apps	5 min

Need Help Securing Your Windows 11 PC?

If any of these steps feel overwhelming or you want a professional to review your setup, our team can help. We offer on-demand support and full computer security checkups for home users.

Get On-Demand IT Support Computer Repair Services

Get Security Insights Delivered

One email per month with our best articles. No spam.