New Year's cybersecurity resolutions that every startup must achieve- BC


As regular britcommerce readers will know, 2024 was, like previous years, full of data breaches, ransomware attacks, and massive hacks that exploited some of the most trivial software vulnerabilities. Even the best-resourced organizations have failed to keep hackers out of their systems over the past twelve months. AT&T experienced its second massive breach of the year, this time affecting “almost all customers”; Ticketmaster allegedly had 560 million records stolen in an attack on cloud storage giant Snowflake; and health insurance giant Change Healthcare was hit by a ransomware team that accessed the sensitive medical details of at least a third of all Americans.

Your startup doesn’t have to suffer the same fate in 2025. Some of the simplest security measures can help keep malicious hackers at bay.

Here are some simple (but effective!) cybersecurity resolutions you should make as we approach the new year.

Securely store your company passwords

Password managers securely store all of your company’s passwords, so your employees don’t have to worry about remembering them. Password managers also help you create and save unique and complex passwords for all your accounts. This can help prevent account breaches caused by password reuse, where hackers take advantage of people who use the same username and password across multiple online accounts. As soon as a password is compromised, hackers can access the person’s other accounts using the same password. Some companies are moving away from passwords entirely and relying on passkeys, which are resistant to phishing attacks, and other passwordless technologies.

Implement multi-factor authentication

Passwords alone are not enough to defend your most important accounts against malicious threats. Hackers stole at least 1 billion personal records in 2024, helped largely by the use of stolen credentials for corporate accounts left unprotected by multi-factor authentication.

MFA, a security feature that requires users to provide a code in addition to a password when signing in, makes it much more difficult for cybercriminals to break into online accounts. In the case of cloud computing giant Snowflake, requiring the use of MFA could have prevented a pair of hackers from stealing highly sensitive data from AT&T and over a hundred other corporate clients.

Most security managers will recommend using authenticator apps that generate login codes on the device, rather than codes sent via SMS text message, which in some cases can be intercepted.

Keep your software up to date

Some of the most damaging breaches of 2024 were caused by a years-old problem: unpatched vulnerabilities in third-party software. A big target for hackers in recent years has been managed file transfer tools, the software large companies use to transfer often-large data files over the Internet. Some file transfer products and other business technologies have been around for years (or longer) and are targeted because they tend to store large amounts of sensitive business data.

While some bugs are exploited as zero-days (vulnerabilities that come to light before a patch is available), the best thing companies can do is ensure that their internal software is kept up to date and that security patches are applied as soon as possible.

Back up your company data

Ransomware attacks had another record year in 2024, with companies paying hackers huge sums of money to recover their data (and prevent it from being leaked online). Regularly backing up your company’s data is a critical line of defense against data encryption and data theft attacks. Hackers may also target the backups themselves, because backups let victims restore their business operations without significant data loss. Having encrypted external backups can help in case of security or data disasters.

Stop answering the phone

While hackers have for years relied on malware-laden email lures as their weapon of choice against unsuspecting victims, some hacking groups are turning to fraudulent phone calls as their primary way to hack organizations. A single phone call to casino and hotel giant MGM’s IT helpdesk reportedly led to its massive breach in 2023, costing the entertainment giant at least $100 million. As britcommerce’s Zack Whittaker writes: Always be skeptical of unexpected calls, even if they come from a contact that appears legitimate, and never share sensitive information over the phone without first verifying them through another means of communication.

Be transparent

Even if you do everything right, there are no guarantees that your startup won’t be a target. Startups are a prime target for hackers, thanks to their limited resources compared to larger companies. If your business is the victim of a cyberattack, being honest about the incident can make a real difference to the outcome. Transparency can help your customers take necessary action, and sharing information can help others defend against similar attacks in the future.

Keeping a data breach secret can not only cause reputational damage and potentially cost you significant fines, but it could also earn you a spot on britcommerce’s annual roundup of “mishandled breaches.”
