Cyber New Year's Resolutions: what you should do in 2022

2021 is over. Thank goodness, right? And whilst we all have personal aspirations ahead of us in 2022 - eat healthier, exercise more, learn a language, write that book you keep telling yourself you have in you - it’s important to make Cyber Security a New Year’s resolution, too.

2021 was peppered with cyber threats, be it scams, fraud, phishing (which was particularly prevalent) to the darker end of the spectrum: ransomware. And Covid-19 has played its part in this surge, as cyber-criminals have looked to proffer from new working practices and uncertainty.

And whilst we all hope that 2022 will be better as (fingers crossed) the pandemic eases, one thing is for certain: businesses and organisations have to keep their fingers on their collective pulses and protect themselves from cybercrime because, even if Covid-19 does ease up, that does not mean cybercrime will.

So it’s vital that SMEs - and businesses of all sizes in fairness - ramp up their cyber resilience, bolster their cyber hygiene and look to reduce the risk of falling victim to cybercrime whilst protecting themselves from the type of threats that have dominated the last 12 months. Nay, 24 months!

As mentioned, cybercrime has flourished during the pandemic, with opportunistic cybercriminals taking advantage of remote workforces, launching mass phishing campaigns, testing new ransomware variants and exploiting weaknesses in critical supply chains.

Organisations have had to adapt rapidly to this evolving situation and quickly implement new systems and procedures to protect their staff from the onslaught of attacks. Cyber security became a key priority and continues to remain of the utmost importance as we enter a new year where the majority of workforces are still working remotely, abiding by Mr. Johnson’s Plan B at the time of writing.

Therefore employees remain vulnerable to attack and must look at ways of improving their security behaviours to help prevent cyber attacks.

We have put together a few ideas that should be included in your Cyber Security New Year’s resolutions this year. It’s not an exhaustive list, as there are bounteous threats out there, and to keep up with the latest risks and threats we recommend becoming a core member of the centre. It’s free to join and this year we are expanding our team to help your business, offering a better customer service experience. That’s our very own cyber New Year resolution right there.

But for now, we have put together our top five tips based on recent trends that your Cyber New Year Resolutions should include. They are:


1. Phishing Attacks

Over the past two years, as the world has been gripped by a global virus, a huge surge in phishing attacks washed over us all, and it became hard to trust the multitude of texts and emails we received.

Criminals exploited the fear and chaos caused by the pandemic, and Covid-related phishing lures proved to be an extremely effective way to dupe unsuspecting individuals into clicking on malicious links.

With the world still firmly in the grip of the pandemic, we can expect these types of attacks to continue well into 2022, so it’s vital that employers and employees alike are on their guard and can recognise all the signs of a coordinated phishing attack.

Whether it’s via email, text or a carefully crafted website, phishing attacks will typically pressurise you into taking immediate action. Other warning signs include threatening or urgent language, requests for personal or financial information, generic greetings, poor grammar, or a mismatched URL.

Want more information on phishing? See Action Fraud’s A-Z or Fraud > Phishing

2. Create Strong Passwords

One of the easiest ways for hackers to gain access to sensitive company data is to guess passwords.

Bad password practice is more prevalent than you might think - for example, the UK’s National Cyber Security Centre carried out analysis of passwords leaked in data breaches and found that more than 23 million users worldwide used 123456 as a password!

And that's not all, a staggering number of people use the same username and password combination on all of their accounts, meaning that should hackers can gain access to one account, they can potentially access them all.

To protect sensitive company data, you should use strong and unique passwords on all your accounts. A strong password should be between 8-15 characters long, a mix of uppercase and lowercase letters and include numbers or symbols. For extra security, substitute letters with numbers and symbols to make it even more secure, or follow the Three Random Words rule, endorsed by the National Cyber Security Centre.

When choosing a passphrase, avoid the use of:

  • Your name in any form or any abbreviations

  • The name of close relatives or pets

  • Your username

  • Birth dates or anniversaries

  • Famous quotes

3. Enable Multi-Factor Authentication

Multi-factor authentication or 2-Factor Authentication (2FA) provides an extra layer of protection that can significantly reduce the chance of your accounts being hacked.

In addition to a username and password, multi-factor authentication requires two or more forms of authenticating data to confirm your identity. This could be a pin, code, token, or even biometric data such as a fingerprint.

It’s one of the simplest ways to keep sensitive company information private and secure from interception. This could be for logging in, resetting a password, or to provide a stronger authentication process for the protection of sensitive data like personally identifiable or financial information.

As large numbers of employees continue to work remotely, multi-factor authentication can provide a secure way to access company data without compromising corporate networks.

4. Avoid Oversharing on Social Media

Social media sites can have cyber-criminals rubbing their hands in glee. They can find a wealth of information about potential victims before launching an attack. In fact, more than a third of social media users (39%) have experienced fraudulent activity due to oversharing on social media platforms.

Seemingly harmless posts, photos, and details in your profile could open you up to identity fraud, theft, and privacy invasion. By harvesting the information that is available across different social media platforms, attackers can then develop highly targeted attacks that will exploit your trust and establish entry points for future scams.

To stay safe on social media, be selective about what you share online and with whom; provide limited information on social profiles, don’t tag your location, and use enhanced privacy settings.

Also, keep your corporate social media accounts secure by ensuring you have a few practical measures firmly in place and be cautious of sharing data via public WI-FI.

5. Regularly Update Security Software

It can be tempting to click on the ‘remind me later’ button when a security software update pops up, but you should always install these updates as soon as they become available. New vulnerabilities are discovered all the time and unless patches are applied, hackers can exploit these vulnerabilities to gain access to corporate networks.

Many people find these updates annoying, a hindrance or a waste of their time. But what’s worse, taking a couple of minutes to ensure you’re up-to-date, or getting hacked as a result of a compromised vulnerability that could have easily been avoided?

There is also the ‘why would someone attack me?’ attitude, which, if this applies to you, you really ought to consider changing your stance this year! Hackers can and will attack any business, from window cleaners to multi-national conglomerates.

Remember: a patch is essentially a piece of code that is installed into an existing software program to correct a problem or ‘bug’. It’s also used to improve an application’s general stability or to fix a security vulnerability.

Patching is estimated to prevent up to 85% of all cyber attacks so it’s vital you regularly update your software to ensure you are running the most up to date versions released by the manufacturer.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.