Seven Cybersecurity Resolutions for the New Year


Stryve’s CISO, Paul Delahunty, offers practical tips and advice to help you start your year on the right foot

For many, starting the new year on the right foot is a top priority. For others, it is seen as a fad.

But whether you buy into the concept of resolutions or not, this time of year is undeniably a good chance to reflect. It is an opportunity to take a step back and evaluate what you would like to improve in the coming months.

In this blog, our CISO, Paul Delahunty, offers seven cybersecurity resolutions for the year ahead. Although timeless, these recommendations are sure to help set the right tone for the coming months.

Resolution One: I Will Carry Out a Risk Assessment

Paul recommends starting the new year by getting a comprehensive overview of how things stand. And what is the best way to do that? By performing a risk assessment!

Risk assessments provide an honest evaluation of what things look like; they draw a baseline and help you understand what needs fixing. Paul urges all companies to carry out a risk assessment on an annual basis.

Some companies should also perform an annual pen test, but carrying out a risk assessment is a good place to start. If you think you may also need a pen test, check out our blog to learn more about the difference between a risk assessment and a pen test.

Resolution Two: I Will Improve My Information Security

Paul reckons that getting on top of your information security is one of the best things you can do for your business.

There are a few key questions to ask yourself:

1. Do you have a disaster recovery plan?

2. Do you have backups?

3. Are your backups immutable?

As the saying goes, by failing to prepare, you are preparing to fail. Backups and DR are something that every business, no matter the size or industry, should be investing in.

Resolution Three: I Will Do My (Cybersecurity) Training

When most people think of increasing their training in the new year, cybersecurity is usually not what comes to mind. However, now is the perfect time to set the right tone for your employees and ensure that cybersecurity is on the agenda, right from the very beginning.

Training will mean different things for different organisations. For some, it may simply be an internal session with your in-house cyber experts. Others may have to organise external training. Some may even use e-learning platforms, like the Sleepless Learning Platform.

Paul also points out the importance of mentioning security in your communications with employees, like your weekly comms email. As well as this, small steps, like sticking up posters around the office, can go a long way when it comes to improving cyber awareness.

Resolution Four: I Will Get My Policies in Order

The start of the year is the perfect time to ensure that your policies are up to date and in good shape. It is also a good time to start making policies if you have not already done so.

This resolution goes hand in hand with cybersecurity training. Comprehensive training coupled with robust policies is instrumental in improving your overall cybersecurity posture.

Paul recommends that any policies clearly outline, in plain English, what standards your company will abide by and everything that the organisation does not allow.

Resolution Five: I Will Work on My (Cybersecurity) Assets

It is very difficult to protect your assets if you do not know what assets you have. Paul advises every company to keep a comprehensive list of its assets. If you do not already have one, now is the perfect time to start!

He points out that the first two, arguably even three, CIS Critical Security Controls talk about assets. These controls form part of the baseline we use to carry out our risk assessments.

Getting a clear picture of what you need to protect ensures that nothing gets overlooked.

Resolution Six: I Will Secure My Devices

Like many of these resolutions, securing your devices is not something that should only be thought about once a year. However, if you have not managed to keep on top of this in years past, now is a good time to make a plan for how you will in the months to come.

Securing your devices can mean many things, including:

1. Encrypting devices;

2. Performing software updates;

3. Setting up Multifactor Authentication (MFA);

4. Ensuring your antivirus software is on.

Resolution Seven: I Will Work on Physical Security

A comprehensive cybersecurity plan will also encompass physical security. Although less commonly considered, Paul recommends that employees stay cognisant of their physical surroundings to ensure they can protect their remote assets.

This may include challenging someone you do not recognise in the office or implementing a clear desk policy. Physical security is a key part of building a strong cybersecurity culture and should not be overlooked.

Sometimes knowing how to improve your cybersecurity can feel like an overwhelming task. These bite-sized resolutions break it down and offer practical tips on how to improve your cybersecurity posture over the coming months.

Every business is unique and, with that, has individual concerns and needs. If you would like tailored advice, specific to your business, please get in touch with us today to learn more.
