Windows users can significantly bolster their defence against malicious ransomware attacks by enabling a built-in security feature called 'Controlled folder access'. Available on both Windows 10 and Windows 11, this often-overlooked setting provides a critical layer of protection against malware designed to encrypt and lock access to valuable personal files, such as family photos, important documents, and work files.
Ransomware operates by taking your files hostage and demanding payment, often with no guarantee of their restoration. While antivirus software aims to prevent such threats from entering your system, 'Controlled folder access' works differently. Once activated, it monitors and restricts untrusted applications from making unauthorised changes to specified folders, including your Documents, Pictures, Videos, Music, and Desktop. This means that even if ransomware somehow bypasses your antivirus, it will struggle to encrypt your most important data.
Despite its importance, the feature is not always enabled by default on all PCs. This is partly to avoid legitimate applications from being unexpectedly blocked from saving or editing files when first used. However, users can easily activate it within minutes. To do so, navigate to Settings > Privacy & security > Windows Security > Virus & threat protection. Scroll down to 'Ransomware protection' and select 'Manage ransomware protection', then toggle 'Controlled folder access' to 'On'. If prompted, approve the change using User Account Control.
Should a legitimate application be blocked after enabling the feature, users can simply add it to an 'allowed list' within Windows Security. This allows continued use of trusted software while maintaining the enhanced ransomware protection. While 'Controlled folder access' isn't a silver bullet against all cyber threats, it serves as a robust additional safeguard, complementing other good online security habits.
Beyond enabling 'Controlled folder access', UK consumers are reminded to practice broader digital hygiene. This includes regularly updating Windows to patch security vulnerabilities, backing up important files to cloud storage or external drives, using strong and unique passwords, and enabling two-factor authentication (2FA) on online accounts. These combined measures create a much more secure digital environment, reducing the risk of data loss and financial extortion from cybercriminals.