As regular readers of TechCrunch will know, 2024 data breaches; It's full of ransomware attacks and mass hackers exploiting some minor software vulnerability. Even the most well-resourced organizations have not been able to keep hackers out of their systems in the past twelve months. AT&T suffered its second major breach this year, this time affecting “almost all customers.”; Ticketmaster had 560 million records stolen. A hack of cloud storage giant Snowflake; and the health insurance giant Change Healthcare has been hit by ransomware. Access to sensitive medical details of at least a third of all Americans.
Your startup may not suffer the same fate in 2025. Some of the simplest security things can help keep malicious hackers at bay.
These are simple — but effective. — Cybersecurity resolutions you should be making as we head into the new year.
Store your company passwords securely.
Password managers All your company passwords are stored securely so your employees don't have to worry about remembering them. Password managers help you create and store unique and complex passwords for all your accounts. This will help prevent account intrusions caused by password reuse, where hackers take advantage of users using the same username and password on various online accounts. as soon as A password has been stolen.Hackers can access other accounts of the person using the same password. Some companies are moving away from passwords altogether. I rely on keys.resistant to phishing attacks and other password-less technology;
Implement multi-factor authentication.
Passwords alone are not enough to protect your most important accounts from malicious threats. Hackers steal. At least 1 billion personal records By 2024, Most helped by using stolen credentials for corporate accounts that were left unprotected by multifactor authentication.
MFA, a security feature that requires users to provide an additional code rather than a password when logging in, makes it more difficult for cybercriminals to break into online accounts. In the case of cloud computing giant Snowflake; You can order to use MFA. Blocked a pair of hackers. from Stealing highly sensitive data from AT&T and over a hundred other corporate customers..
Most security people will recommend using authentication apps that generate login codes on the device rather than codes sent via SMS text message, which can be intercepted in some cases.
Keep your software up to date.
Some of the most damaging breaches of 2024 stem from a problem that's been around for years: unpatched vulnerabilities in third-party software. One kind Big hacker targets in recent years have been file transfer management tools.Software used by large companies and enterprises to frequently transfer large data files over the Internet. Some file transfer products and other enterprise technologies have been around for years (or longer) and have been targeted for their propensity to store sensitive company data.
While exploiting some bugs Zero-days — a vulnerability that may become apparent before a patch is available — the best thing companies can do is to keep your internal software up-to-date and ensure security patches are applied as soon as possible.
Back up your company data.
There was another ransomware attack. A record-breaking year By 2024, companies will be paying hackers huge sums of money to recover their data (preventing it from being leaked online). Regularly backing up your company's data is an important way to protect against data encryption and data theft attacks. Backups can also be targeted by hackers to effectively restore their operations without data loss. Having encrypted off-site backups can help in the event of security or data disasters.
Stop picking up the phone.
For years, hackers have relied on malware-laced emails as their weapon of choice against unsuspecting victims. Some hacker groups Organizations have turned to phishing calls as a primary means of hackers. One phone call to the IT help desk of casino and hotel giant MGM reportedly took place. to its massive breach in 2023It cost the entertainment giant at least $100 million. As TechCrunch's Zack Whittaker Perfectly written here.: Always be suspicious of unexpected calls, even if they come from a legitimate-looking contact, and never share confidential information over the phone without verifying them first through another means of communication.
Be transparent.
Even if you do everything right, there is no guarantee that your startup will not be targeted. Enterprises are prime targets for hackers due to their limited resources compared to large companies. If your company is the victim of a cyber attack; Being upfront about the event can make a real difference in terms of results. Transparency can help your customers take whatever action they need, and sharing information can help protect others from similar attacks in the future.
A data breach can not only put you in prison, but also cause reputational damage and potentially cost you. Significantly Fines — but it can get you somewhere. TechCrunch's annual 'Badly Handled Breach' roundup.