Research from the popular exercise app Strava indicates that the second Friday of January is “quitters’ day”: the day when most people are likely to give up on their New Year’s resolutions.
This is the day when all those good promises made back in December go up in flames. Running shoes across the globe are thrown to the back of the nearest closet, never to be seen again. Gym memberships are forgotten about. And new hobbies fall by the wayside.
The biggest issue with a lot of New Year’s resolutions is their difficulty. Sure, the end gains might be awesome, but what about all the pain and effort to get there?
But not all resolutions need to be difficult or destined to fail. Take, for instance, this list of easy cybersecurity New Year’s resolutions.
Unlike attempting a marathon or taking up a new hobby, they don’t require many hours of your time to get some good results. Nor do you need to go out and spend a fortune on expensive new tools or overhaul existing processes. All it takes could be a few tweaks here and there to get your business’s cybersecurity ready for the year ahead.
And the best part? Once you are in the habit, you are unlikely to break them.
1. Start patching and updating software regularly
We bang on about patching all the time at UK Cyber Security Ltd. Regular visitors to our blog will notice it is mentioned at every available opportunity. However, as repetitive as it may be, there is a very valid reason behind our love for patching.
Regularly updating your software and operating systems is one of the easiest and most effective ways to improve your cybersecurity. Even the best software becomes outdated or has vulnerabilities found in it and, when that happens, cybercriminals quickly have an easy way into your network.
Fortunately, avoiding the worst is extremely easy and it should not take you more than a few minutes every month. All that is required is that you check every so often for any new updates to any of the software you use. Even easier, simply switch on auto-updates in your device’s settings, and you will not even have to think about it.
To learn more about patching, check out our article on the subject: patch management.
2. Create a password policy
Of all the cyber resolutions here today, creating a secure password policy is definitely the easiest. Most people know the importance of strong passwords, but that does not stop us from using, for everything, the same easily guessable passwords that we have been using since the beginning of the internet. We are only human after all.
The problem is that this poses a huge risk to security. It only takes one cybercriminal to crack one insecure password in your company for a disaster to happen. But the good news is that fixing this is easy.
It comes down to setting up a password policy and making sure everyone in the company adheres to it. Frequently, it does not take a great deal more than a well-worded email and a few friendly nudges to get people on board.
What should the policy contain? Well, a good password policy should have four key points:
- Always use complex passwords that are a combination of letters, numbers and symbols. The Google Chrome browser has built-in tools, such as a password generator, that are good for this
- Set up different passwords for different accounts, on all the tools and software used in the company. If you have difficulty remembering them, consider using a secure password management tool such as LastPass or 1Password
- Change passwords frequently
- Use two-factor authentication (2FA) whenever possible
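As an added example (not part of the original post), the four points above can be turned into a simple audit over an account inventory. The record layout, the 12-character minimum and the 90-day maximum age are assumptions chosen for illustration, and the sample records are constructed.

```python
import string
from collections import defaultdict
from datetime import date

MIN_LENGTH = 12    # assumption: the post gives no minimum length
MAX_AGE_DAYS = 90  # assumption: the post says "frequently", no number

# Constructed sample records standing in for a password-manager export.
SAMPLE = [
    {"account": "email", "password": "Summer2021",
     "changed": date(2021, 1, 4), "mfa": False},
    {"account": "payroll", "password": "Summer2021",
     "changed": date(2021, 12, 20), "mfa": True},
    {"account": "crm", "password": "t7#Vq9!mLx2&Rp",
     "changed": date(2021, 12, 1), "mfa": True},
    {"account": "website", "password": "k4$Hn8@zWd1%Ty",
     "changed": date(2021, 6, 1), "mfa": False},
]

def is_complex(password):
    """Point 1: letters, numbers and symbols, plus the assumed length floor."""
    return (len(password) >= MIN_LENGTH
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))

def audit(records, today):
    """Return {account: [issues]} for every record that breaks the policy."""
    # Group accounts by password in memory only, to spot reuse (point 2).
    users_of = defaultdict(list)
    for r in records:
        users_of[r["password"]].append(r["account"])
    findings = {}
    for r in records:
        issues = []
        if not is_complex(r["password"]):
            issues.append("weak")
        if len(users_of[r["password"]]) > 1:
            issues.append("reused")
        if (today - r["changed"]).days > MAX_AGE_DAYS:  # point 3
            issues.append("stale")
        if not r["mfa"]:  # point 4
            issues.append("no-2fa")
        if issues:
            findings[r["account"]] = issues  # passwords never leave here
    return findings

if __name__ == "__main__":
    for account, issues in audit(SAMPLE, date(2022, 1, 14)).items():
        print(f"{account}: {', '.join(issues)}")
```

The report lists only account names and issue labels, so it can be shared in the "friendly nudge" email without exposing any password.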
3. Use encryption for everything
Encryption is one of those concepts that most people have a vague idea they should be using. However, lots of us are put off by the misconception that it’s hard to set up or difficult to understand if you are not of the techy persuasion.
But really, this could not be more distant from the truth. You have probably already used encryption many times in your daily life; you just do not know it. Have you ever sent a message on WhatsApp? That is encrypted. Purchased something from a web store? Encrypted.
We will not go into precisely how it works (if you would like to learn more, we have a whole article on the subject). Essentially, however, encryption scrambles the information into a pseudo-random form so that only an authorized recipient with a key can unlock it.
Due to the intricacies of the randomization process, encryption is nearly impossible to crack so it offers a level of security protection that passwords alone cannot match. Better still, once you have set the process in motion and are used to using it, it is unlikely you will ever have to consider it again.
4. Make cybersecurity a part of your yearly budget
58% of all cybercrime attacks are on SMEs’ systems, and small businesses have an inherently limited ability to absorb an attack. Research from Gallagher, an insurance and risk consultancy firm, found that over 50,000 UK SMEs would collapse if hit by a cyberattack.
Given these risks, you would expect cybersecurity to be top of most companies’ budgeting lists. But the reality is often very much the opposite. It’s not hard to determine why; if you are an SME performing financial wizardry every year just to balance the books, cybersecurity can seem like a ‘nice to have’ instead of a ‘must have’. It is this that leads to so many smaller businesses just making do with anti-virus and not much else.
Unfortunately, firms that do this are playing Russian roulette without knowing it. It is only a matter of time before an enterprising cybercriminal takes advantage of weak defences, regardless of how small your business is. It is a straightforward step: make 2022 the year cybersecurity features in your budget, and keep it there permanently.
5. Get your company Cyber Essentials certified
If you know of Cyber Essentials, you are probably questioning this suggestion. Isn’t Cyber Essentials certification a long, drawn-out process that can take a long time to accomplish? That is hardly fitting for a list of ‘simple’ resolutions.
Well, the reality is that getting Cyber Essentials certified is sometimes like that. However, it does not have to be so. At UK Cyber Security Ltd we provide a Cyber Essentials certification solution that can take as little as 24 hours, with no need for constant ‘to and fro’. We will tell you whether you are able to pass before you submit and help you address any issues, so you only have to complete it once.
Being Cyber Essentials certified is a requirement for most government contracts and can protect your company from 98.5% of cybersecurity issues. But the advantages do not stop there. It is also a fantastic indicator of your company’s commitment to security, making you stand out as trustworthy and safe for potential partners and customers to do business with.
This concludes our 2022 cybersecurity New Year’s simple resolutions. Although we would recommend accomplishing all that we have suggested, even adopting only one will noticeably improve your company’s cybersecurity. So why not start the year off with a resolution you will keep?
Looking to enhance your cybersecurity but not sure where to start? Begin 2022 the correct way, by getting certified in Cyber Essentials, the UK government scheme that covers all the technical controls that will provide the protection that you need to help guard against criminal attacks.