
New Year Resolutions: is cyber security on your list this year?

We all have personal aspirations ahead of us in 2024 - eat healthier, exercise more, learn a language, write that book you keep telling yourself you have in you - but it’s also important to make Cyber Security a New Year’s resolution, too.

2023 was peppered with cyber threats, from scams, fraud and phishing (which was particularly prevalent) to the darker end of the spectrum: ransomware.

This is why we constantly encourage businesses and organisations to keep their collective eyes on the ball and protect themselves from cybercrime, because one thing is for certain: the threat landscape in 2024 will not be any clearer.

It may seem like a bleak prediction, but the truth is threat actors and cyber criminals are becoming more skilled, more sophisticated in their approach, more dedicated and vehement, and therefore the threat levels in 2024 will be as high - if not higher - than 2023.

So it’s vital that SMEs - and businesses of all sizes for that matter - ramp up their cyber resilience, bolster their cyber hygiene and look to reduce the risk of falling victim to cybercrime whilst protecting themselves from the type of threats that have dominated the last 12 months.

We have put together some ideas that should be included in your Cyber Security New Year’s Resolutions this year. It’s not an exhaustive list, as there are bounteous threats out there. So to keep up with the latest risks and threats we recommend requesting our free information pack and joining our community.

It’s free to join and this year we are expanding our team to help your business, therefore offering a better customer service experience. That’s our very own cyber New Year resolution right there.

But for now, we have put together our top five tips based on recent trends that your Cyber New Year Resolutions should include. They are:


1. Phishing Attacks

A huge surge in phishing attacks has engulfed inboxes and phones of late, and it became hard to trust the multitude of texts and emails we received.

Criminals used ever-evolving and ingenious (but no less nefarious) methods to dupe unsuspecting individuals into clicking on malicious links.

The fear and chaos caused by the cost of living crisis is another hook for cybercriminals. As prices soar, criminals exploit the fear and uncertainty surrounding cashflow concerns and target vulnerable people with sophisticated phishing lures.

As this crisis continues, we can expect these types of attacks to continue well into 2024, so it’s vital that employers and employees alike are on their guard and can recognise all the signs of a coordinated phishing attack.

Whether it’s via email, text or a carefully crafted website, phishing attacks will typically pressurise you into taking immediate action. Other warning signs include threatening or urgent language, requests for personal or financial information, generic greetings, poor grammar, or a mismatched URL.

Want more information on phishing? See our blog entitled 'Let’s remind ourselves about phishing...'.

2. Create Strong Passwords

One of the easiest ways for hackers to gain access to sensitive company data is to guess passwords.

Bad password practice is more prevalent than you might think - for example, the UK’s National Cyber Security Centre carried out analysis of passwords leaked in data breaches and found that more than 23 million users worldwide used 123456 as a password!

And that's not all: a staggering number of people use the same username and password combination on all of their accounts, meaning that should hackers gain access to one account, they can potentially access them all.

To protect sensitive company data, you should use strong and unique passwords on all your accounts. A strong password should be between 8 and 15 characters long, mix uppercase and lowercase letters, and include numbers or symbols. For extra security, substitute some letters with numbers and symbols, or follow the Three Random Words rule, endorsed by the National Cyber Security Centre.

When choosing a password, avoid the use of:

  • Your name in any form or any abbreviations

  • The name of close relatives or pets

  • Your username

  • Birth dates or anniversaries

  • Famous quotes
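The guidance above can be turned into a check at account creation or password change. The following is an added example, not code from EMCRC or the NCSC: it rejects passwords that are under 8 characters, appear on a leaked-password list, or contain a name, username or birth date (even with letter-for-number swaps), and it generates a Three Random Words passphrase. The function names, the tiny word list and the leaked-password list are constructed for illustration; famous quotes are not checked.

```python
import re
import secrets

# Constructed sample data (assumptions): stand-ins for a real leaked-password
# list and a real dictionary; swap in full lists for actual use.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "letmein"}
WORDS = ["coffee", "train", "fish", "garden", "planet", "candle", "marble",
         "rocket", "violin", "harbour", "pepper", "window", "saddle", "lantern"]
# Undo common letter-for-number/symbol swaps before comparing.
LEET = str.maketrans("0134578@$!", "oleastbasi")


def normalise(text):
    """Lower-case, fold swaps such as 3->e and @->a, drop punctuation."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def date_fragments(date):
    """'14/02/1985' -> full digits, day+month, year, and ddmmyy forms."""
    digits = re.sub(r"\D", "", date)
    return {digits, digits[:4], digits[-4:], digits[:4] + digits[-2:]}


def check_password(password, names=(), dates=()):
    """Return a list of problems; an empty list means no rule was broken."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in leaked-password list")
    folded = normalise(password)
    for name in names:  # own name, relatives, pets, username
        n = normalise(name)
        if len(n) >= 3 and n in folded:
            problems.append(f"contains personal name: {name}")
    pw_digits = re.sub(r"\D", "", password)
    for date in dates:  # birth dates, anniversaries
        if any(f and f in pw_digits for f in date_fragments(date)):
            problems.append(f"contains date: {date}")
    return problems


def three_random_words(words=WORDS, sep="-"):
    """Pick three distinct words with a cryptographically secure RNG."""
    return sep.join(secrets.SystemRandom().sample(words, 3))
```
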

3. Enable Multi-Factor Authentication

Multi-factor authentication, 2-step verification (2SV) or 2-Factor Authentication (2FA) provides an extra layer of protection that can significantly reduce the chance of your accounts being hacked.

In addition to a username and password, multi-factor authentication requires two or more forms of authenticating data to confirm your identity. This could be a PIN, code, token, or even biometric data such as a fingerprint.

It’s one of the simplest ways to keep sensitive company information private and secure from interception. This could be for logging in, resetting a password, or to provide a stronger authentication process for the protection of sensitive data like personally identifiable or financial information.

As large numbers of employees continue to work remotely, multi-factor authentication can provide a secure way to access company data without compromising corporate networks.

4. Avoid Oversharing on Social Media

Social media sites can have cyber-criminals rubbing their hands in glee. They can find a wealth of information about potential victims before launching an attack. In fact, more than a third of social media users (39%) have experienced fraudulent activity due to oversharing on social media platforms.

Seemingly harmless posts, photos, and details in your profile could open you up to identity fraud, theft, and privacy invasion. By harvesting the information that is available across different social media platforms, attackers can then develop highly targeted attacks that will exploit your trust and establish entry points for future scams.

To stay safe on social media, be selective about what you share online and with whom; provide limited information on social profiles, don’t tag your location, and use enhanced privacy settings.

Also, keep your corporate social media accounts secure by ensuring you have a few practical measures firmly in place, and be cautious of sharing data via public Wi-Fi.

5. Regularly Update Security Software

It can be tempting to click on the ‘remind me later’ button when a security software update pops up, but you should always install these updates as soon as they become available. New vulnerabilities are discovered all the time and unless patches are applied, hackers can exploit these vulnerabilities to gain access to corporate networks.

Many people find these updates annoying, a hindrance or a waste of their time. But what’s worse: taking a couple of minutes to ensure you’re up to date, or getting hacked through an unpatched vulnerability that could easily have been avoided?

There is also the ‘why would someone attack me?’ attitude. If this applies to you, you really ought to consider changing your stance this year! Hackers can and will attack any business, from window cleaners to multi-national conglomerates.

Remember: a patch is essentially a piece of code that is installed into an existing software program to correct a problem or ‘bug’. It’s also used to improve an application’s general stability or to fix a security vulnerability.

Patching is estimated to prevent up to 85% of all cyber attacks so it’s vital you regularly update your software to ensure you are running the most up to date versions released by the manufacturer.

If you want to find out more about the threats that your business may face, we offer Security Awareness Training as an affordable service. It covers all the above in great detail and we can tailor it to your business's needs. Find out more about our Security Awareness Training.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
