The start of a new year is the perfect time to reflect on the past and make intentional improvements for the future. One area that is fundamental to everybody’s lives, and yet is often overlooked in New Year’s resolutions, is personal cybersecurity habits. In an increasingly digital age, cybersecurity has a role to play in everybody’s daily lives, yet it is often given little consideration – that is, until something goes wrong. With the growing frequency of cyber-attacks, data breaches, password compromises, and online scams, enhancing your digital security is not just a precaution but a necessity. Fortunately, there are a few fundamental actions you can take that will massively increase your resilience against online fraud and cybercrime. This post gives you some top tips to bring into the New Year, which will help you keep yourself, your business and your loved ones protected online.
Good Password Hygiene:
Good password practices are among the key behaviours that help to keep your accounts safe online. Whilst websites increasingly require the creation of a strong password, it can be tempting to keep passwords as simple as possible, or to use the same password for multiple accounts, for ease of access. However, this puts you at risk. A strong password is random and cannot easily be guessed. This means avoiding information such as birthdays, pets, football teams, or common phrases. The length of a password is also key to its security, as a longer password is harder for a machine to crack. Additionally, using numbers and special characters can help to enhance its strength. These should ideally also be as random as possible, because replacing ‘I’ with 1 or ‘a’ with @ is commonplace. Using the NCSC’s ‘Three Random Words’ tool is one way to create strong passwords. It is just as important to make sure you are using different passwords for different accounts. There are various methods that online criminals can use to gain access to your password, but using a distinct password for every account ensures that if one account is compromised, your other accounts still cannot be accessed.
Remembering multiple passwords is a common gripe of the modern age and is often the reason passwords are repeated across multiple accounts. One effective way to manage this is to use a password manager. These online tools securely store all your passwords in an encrypted vault, allowing you to generate and retrieve unique, strong passwords for every account without having to memorise them. Many password managers also offer features including password generation, automatic login, and secure password sharing options. If the master password for this manager is exceptionally strong and unique, this is a valuable option for making good password hygiene a seamless process. For those who do not wish to use a password manager, writing passwords down is still a secure method, provided the passwords are kept in a safe place and are not likely to be lost.
See below for Hive Systems' 2024 Password Table.
Switch On Multi-Factor Authentication:
Expanding on passwords, multi-factor authentication (MFA) is one of the most effective ways to bolster both personal and business cybersecurity, adding an essential layer of security to your accounts. MFA requires users to give two or more verification factors when accessing their account. This could be a verification code through an app or text, or it could be something unique to the user such as a fingerprint or face ID. This adds significant protection to your accounts, as even if a password is compromised, the account still cannot be accessed without this additional verification. For work accounts, this helps to safeguard sensitive systems and data from security breaches, something that can cause significant financial and reputational damage. For personal accounts, this helps protect your financial and personal information. MFA is not always switched on automatically, and often the user needs to go into their account settings to set it up. Whilst this might seem like an inconvenience, turning it on can save significant hassle and stress later down the line, particularly because when criminals infiltrate accounts, one of the first things they will do is switch MFA on, to prevent the account owner from re-accessing their account. Going into the New Year, consider reviewing your accounts and ensuring MFA is switched on.
Protect Yourself From Phishing
Phishing attacks, in their various forms, remain one of the most common and effective methods employed by cybercriminals to steal sensitive or financial information. For individuals and small businesses, it is important to stay up to date on how to be vigilant – particularly as phishing continues to grow in its sophistication and believability. Being cautious is key to this, and you should always be wary of unsolicited emails, texts and calls that ask you for information. If you are unsure, you should always verify the legitimacy of the source by contacting the organisation directly, rather than responding to the message. Building on this, it is important to recognise the red flags of a phishing attempt. Often, phishing aims to play on human nature by instilling a sense of urgency or panic in the recipient. This could be by saying you have been compromised, or that you need to act quickly. Additionally, poor spelling and grammar can indicate a phish. One way to check is to look closely at the sender. In emails, paying close attention to the specific email address of the sender can reveal that it is spelt differently, or that the domain has been changed. Whilst spam protection and email filtering can help to block many phishing attempts, the most important thing to do is to be very suspicious and cautious of anything unexpected.
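The sender check described above, sketched in Python as an added example that is not part of the original post. The trusted domains, the sample addresses and the function names are constructed for illustration, and treating anything within two character edits as a look-alike is an assumption.

```python
from email.utils import parseaddr

# Assumption: domains you genuinely deal with (constructed, reserved .example names).
TRUSTED = ("northbank.example", "parcelpost.example")


def normalise(domain: str) -> str:
    """Undo common look-alike swaps: digits for letters, 'rn' for 'm'."""
    return domain.translate(str.maketrans("0135", "oles")).replace("rn", "m")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike:<domain it imitates>' or 'unknown'."""
    _, address = parseaddr(from_header)
    if "@" not in address:
        return "unknown"
    domain = address.rpartition("@")[2].lower().rstrip(".")
    # Exact match or a genuine subdomain of a trusted domain.
    if any(domain == g or domain.endswith("." + g) for g in TRUSTED):
        return "trusted"
    for good in TRUSTED:
        # "The domain has been changed": trusted name embedded in another domain.
        if good in domain:
            return f"lookalike:{good}"
        # "Spelt differently": swapped characters or a near-miss spelling.
        if edit_distance(normalise(domain), normalise(good)) <= 2:
            return f"lookalike:{good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample From headers.
    for header in ("North Bank <alerts@northbank.example>",
                   "North Bank <alerts@n0rthbank.example>",
                   "North Bank <alerts@northbank.example.login-check.test>"):
        print(check_sender(header), "<-", header)
```

An "unknown" result only means the domain does not resemble one on your list; it says nothing about whether the message is safe.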
Make Backups
Creating backups is a key part of your cybersecurity. This preventative action means that in the event of a cyberattack, hardware failure, or accidental data loss, you would not lose access to your important data. For businesses, lost data can come with significant financial loss and massive disruption to operations. For individuals, this can include personal information such as photos, important documents, and financial records. Ensuring you have a robust backup system, whether through cloud storage, external hard drives, or a combination, means that your data is secure and accessible when needed. It is important to make sure you have multiple copies of this data, and that it is stored on a different media source. Regularly testing backups for reliability and ensuring they are secure will further enhance your protection. Going into the New Year, taking an audit of how your important data is secured will help ensure its protection in any worst-case scenario.
Install Device Updates
The final cyber fundamental to consider going into 2025 is to ensure that all of your devices are being regularly updated. Software updates typically include security patches that address vulnerabilities that have been discovered in operating systems, applications and hardware. When left unpatched, these vulnerabilities become targets for cybercriminals, giving them an access point. This carries significant risks for both businesses and individuals. Switching on automated updates on devices can help to ensure that updates are applied promptly. However, it is important to manually check and install critical security patches for any software that does not automatically update.
Ultimately, the New Year for many brings a chance for a fresh start. Cybersecurity is an essential consideration for everybody, and implementing these simple but effective steps can go a long way in safeguarding your data and privacy. Whether you are an individual looking for ways to protect your personal information, or a small business handling sensitive information, taking these steps comes at no cost and yet will significantly reduce your exposure to cyber threats. The New Year brings with it a perfect time to assess your cybersecurity habits, and to ensure you are doing the basic things you can to make 2025 a year of digital safety and success.
How can the ECRC support?
By joining the ECRC as a free member, your organisation will be supported in making the small changes that make the biggest difference when it comes to cyber resilience. Becoming a free member means you will receive the latest cyber resilience guidance via email, which will drip feed you ways in which you can improve your cyber resilience without costing any money.
The ECRC website also contains several links to helpful National Cyber Security Centre (NCSC) resources, which are all free, up-to-date, and easy to use. Tools such as Exercise in a Box and the NCSC Cyber Action Plan are particularly useful in terms of identifying areas where you could improve your cybersecurity. They also have many informative guides that are sector specific, which will give you useful and detailed information.
If you would like more information about how the ECRC can help your organisation specifically, please book a chat with us today!
Reporting a live cyber-attack 24/7:
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Reporting a cyber-attack which is not ongoing:
Please report online to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).