New Year Resolutions – business IT security version

New Year, new you? The New Year is the time many organisations choose to reset and set new goals. And when it comes to business IT security, 2024 is going to be the make-or-break year for many organisations.

Malicious cybercrime is on the rise. In 2023, the average cost of an attack against a medium-sized UK business was £4960. Business as a whole lost millions of pounds.

What’s more, around 1 in 3 businesses say they are attacked at least once a week. And next year, these figures are all set to go up.

So, what are you intending to do to ensure you’re not one of these statistics? What are your top New Year business cybersecurity resolutions?

If you’re struggling to know where to start with this complicated topic, here are a few ideas:

Your Top 6 business IT security resolutions

1) Invest in cybersecurity training

In 2023, one of the biggest reports into business data breaches found that a whopping 74% of 950 000 incidents reported were, essentially, human error.

This is largely due to the huge increase in the volume and sophistication of phishing attacks and other kinds of “social engineering”. This is the kind of attack where a member of your team is tricked into handing over access to your system.

Social engineering is a problem that’s only going to grow in 2024. In fact, with the addition of LLM (Large Language Model) AI such as ChatGPT to the equation, it’s likely to get a lot worse.

The various strategies involved in social engineering are getting far more sophisticated. They’re also getting more targeted and extreme, linking into blackmail and extortion attempts.

All of this means that number one on the New Year’s wishlist of most organisations should be team cybersecurity training in how to spot this kind of threat.

2) Keep on top of new challenges (like AI)

It’s always a mistake to treat your organisation’s cybersecurity as being “finished”. Effective cyber protection needs to be constantly updated as threats grow and change and develop.

For instance, ChatGPT has popularised the idea of generative AI to the point where it seems to be everywhere. Now, love AI or loathe it, this has one big repercussion for your business’s digital security:

In order to create output, generative AI requires input. In the case of generative AI integrated into Software as a Service platforms, for example, this input is frequently your company’s data.

What happens to that data once the AI “learns” from it? Or when a team member enters some sensitive information? The developer of your AI may have a very different data retention policy to you.

This is just one example of why a roadmap towards improving your cybersecurity and better monitoring of the wider cybercrime landscape should be on your list of resolutions too.

3) Know where your devices are

One of the biggest holes in the cybersecurity of organisations in a wide range of industries is centred around their device management (or lack thereof).

If you let your employees regularly use devices (laptops, mobiles, tablets) that aren’t set up by your in-house IT specialists or Managed Service Provider (MSP), 2024 is the year to finally stop that happening.

This is even more important in an IT security landscape where mobile ransomware attacks are on the rise in a big way.

Mobile ransomware is designed to let an attacker lock the user out of a device so they can demand money to return access. Cyber specialists are also predicting an escalation into identity theft and company data compromise.

This is because bad actors are increasingly aware of the laxity with which many organisations treat their employees’ device security and now see it as a back way into the system as a whole.

4) Plan to be resilient as well as secure

Even if your digital security meets leading compliance standards and is kept constantly up to date and monitored by your Managed Service Provider, it’s still almost impossible to guarantee complete protection.

This makes it important to be resilient as well as secure. Have a plan for what you (and your team) will do in the event that you do suffer a successful cyber attack of some kind:

  • What will your immediate actions be?
  • Who will you need to notify?
  • How will you minimise downtime?
  • How will you reassure your customers and partners?

If you’re not sure where to start with creating a “disaster recovery plan” like this, talk to your MSP.

5) Become compliant

It’s taken a while, but a growing number of organisations and national governments are acting on the dangers of cybercrime.

Part of this is growing demands for businesses to be compliant with set regulatory frameworks. For instance, UK businesses need to be compliant with the Product Security and Telecommunications Act by April 2024.

The EU has similar legislation coming in for 2025. Australia has long been behind the curve in this field, but it seems likely to start issuing fines for lax cybersecurity in 2024.

This means 2024 is the year to make your business compliant with key IT security frameworks like ISO 27001 or IASME Cyber Assurance.

An ideal place to start for UK businesses is the government-backed Cyber Essentials scheme. This gives you a solid baseline to aim for. It’s also mandatory if you’re applying for any government contracts.

6) Start getting your cybersecurity managed

Two other continuing cybersecurity trends in 2024 are sure to be shrinking budgets in many organisations and an industry-wide lack of cybersecurity talent supply.

Combined, this is leading to a growth in businesses outsourcing their digital security needs to trusted third parties.

Managed Service Providers give you an easy, reliable way to accomplish most of the above. Train your team. Keep on top of new challenges. Manage your devices. Have a plan in case of disaster.

In 2024, if you’re looking for one New Year resolution that will start your journey to a more cyber-secure future, looking into having your IT security managed is perhaps the best place to start.

Want to talk about your unique business needs with an organisation already trusted by nearly 1000 businesses in Bristol and beyond?

Dial A Geek’s Protect & Grow service helps you become compliant, manage your devices and onboarding, and much more. Why not enquire about a free 30-day trial?

There’s no fee or commitment. Talk it over with Chief Geek Gildas Jones today.
