3 New Year Resolutions for Security You Can Actually Keep
New Year's resolutions are infamous for being hard to stick to, but that's usually because people pick changes that are far too drastic. Here are three New Year's resolutions for data security that you can easily follow (and, more importantly, stick to) and that will immediately put you in a stronger position to defend against a wide range of attack methods.
1. Let's fix passwords once and for all.
It's an old story and yet so easy to fix. Stop making excuses and install a password manager immediately.
Your master password doesn't h@v3 t0 b3 s0 d1Ff1cU1t that you need to write it down. Take four words picked at random (by the password manager's generator, or by rolling dice against a published word list, not by you) and put them in sequence, e.g. "cupboard beagle pathway painting". Why? Four random words from a large list add up to far more guessing work for an attacker than a short word with a few character substitutions, and a sequence of words is far easier to remember. This simple comic explains:
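To see why the words must come from a random draw and why the size of the word list matters, here is a small passphrase generator with the entropy arithmetic attached. It is an added example, not code from the original post or from any password manager; the sixteen-word list is constructed for the demonstration and is deliberately tiny, and the 2048 and 7776 list sizes are typical published word lists used only for comparison.

```python
import math
import secrets

# Constructed demo word list (an assumption for this example). A real
# generator should draw from a large published list such as the
# 7776-word Diceware list; a short list like this one is only here to
# show how little entropy a small list gives.
DEMO_WORDLIST = [
    "cupboard", "beagle", "pathway", "painting", "orbit", "lantern",
    "velvet", "marble", "cactus", "harbour", "pillow", "summit",
    "quartz", "meadow", "falcon", "ribbon",
]


def passphrase_entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy of n words drawn uniformly and independently from a list.

    This measures the generation process. Words a person picks from
    memory are not uniform and carry less entropy than this figure.
    """
    if n_words < 1 or wordlist_size < 2:
        raise ValueError("need at least one word and a list of at least two words")
    return n_words * math.log2(wordlist_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest word count that reaches target_bits from a list of this size."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(n_words: int = 4, wordlist=DEMO_WORDLIST) -> str:
    """Random words in sequence, as in "cupboard beagle pathway painting".

    secrets.choice rather than random.choice: the draw must be
    unpredictable to an attacker. Duplicate words are allowed because
    rejecting them would shrink the space of possible passphrases.
    """
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    print(generate_passphrase())
    for size in (len(DEMO_WORDLIST), 2048, 7776):
        print(f"4 words from {size:>5} words: "
              f"{passphrase_entropy_bits(4, size):5.1f} bits")
    print("words from a 7776-word list for 80 bits:", words_needed(80, 7776))
```

Four words from the sixteen-word demo list give only 16 bits, four from a 2048-word list give 44 bits, and four from the 7776-word Diceware list give about 52 bits; the comparison is the whole point of the example, so check the list size before trusting the passphrase.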
2. Let's actually install those software patches!
Zero-day threats are real, but they aren't the main reason data breaches happen. More often it's much older vulnerabilities, left unpatched for months (or longer!), that contribute to a breach.
Malware is one of the most common ways data is being stolen right now, and malware preys on unpatched software. Yet many of us continue to run software that's several patches behind. No wonder malware is so effective.
So, when you're asked to install a security update from a reputable vendor, do it straight away, and do it through the vendor's own update mechanism rather than a link in an unexpected email.
If you run a larger environment, set up a central mailbox for all vendor security alerts (or buy a specialised platform that filters what's relevant to your business), and assign someone to review the notifications every day, with deployment follow-through and sign-off. The key is for a skilled team member to own each escalation so that it actually gets done.
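The daily review step is easier to keep when the mailbox is reduced to a short list of what actually applies to you and how far past its deadline it is. The script below is an added example of that filtering, not code from the original post or from any vendor's platform: it matches a feed of advisories against an inventory of installed versions, applies a per-severity patch deadline, and reports the overdue hosts first. The advisory identifiers, product names, hosts and the deadline table are all constructed for this example.

```python
from dataclasses import dataclass
from datetime import date

# Patch deadlines in days by severity. These numbers are an assumption
# for this example; use whatever SLA your own policy sets.
SLA_DAYS = {"critical": 7, "high": 14, "medium": 30, "low": 90}


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # the vendor's own identifier (hypothetical values below)
    product: str
    fixed_in: str      # first version that contains the fix
    severity: str
    published: date


@dataclass(frozen=True)
class Installed:
    host: str
    product: str
    version: str


def parse_version(v: str) -> tuple:
    """Compare versions numerically: "2.10.0" is newer than "2.4.0",
    which a plain string comparison gets backwards."""
    return tuple(int(part) for part in v.split("."))


def affected(adv: Advisory, inst: Installed) -> bool:
    return (adv.product == inst.product
            and parse_version(inst.version) < parse_version(adv.fixed_in))


def triage(advisories, inventory, today: date):
    """Return (advisory_id, host, days_overdue) for every host still
    running a version below the fix, worst first. days_overdue <= 0 means
    the deadline has not passed yet. An unknown severity raises KeyError
    on purpose: it needs a human decision, not a silent default."""
    rows = []
    for adv in advisories:
        deadline = SLA_DAYS[adv.severity.lower()]
        for inst in inventory:
            if affected(adv, inst):
                age = (today - adv.published).days
                rows.append((adv.advisory_id, inst.host, age - deadline))
    rows.sort(key=lambda r: r[2], reverse=True)
    return rows


# Constructed sample feed and inventory; the advisory ids, products and
# hosts are made up for this example.
SAMPLE_ADVISORIES = [
    Advisory("ACME-2024-001", "acme-server", "2.4.0", "critical", date(2024, 2, 10)),
    Advisory("ACME-2024-002", "widgetlib", "1.1.0", "low", date(2024, 2, 20)),
]
SAMPLE_INVENTORY = [
    Installed("web-01", "acme-server", "2.3.1"),
    Installed("db-02", "acme-server", "2.4.0"),    # already at the fixed version
    Installed("app-03", "acme-server", "2.10.0"),  # newer, although it sorts lower as a string
    Installed("web-01", "widgetlib", "1.0.0"),
]
SAMPLE_TODAY = date(2024, 3, 1)

if __name__ == "__main__":
    for advisory_id, host, overdue in triage(SAMPLE_ADVISORIES, SAMPLE_INVENTORY, SAMPLE_TODAY):
        state = f"{overdue} days OVERDUE" if overdue > 0 else f"{-overdue} days left"
        print(f"{advisory_id}  {host:8}  {state}")
```

With the sample data, web-01 shows up 13 days past the critical deadline for the server advisory and well within the window for the low-severity library one, while db-02 and app-03 are correctly left out. The version parser is the part worth copying: comparing "2.10.0" against "2.4.0" as strings would mark an up-to-date host as vulnerable, and the reverse mistake would hide a host that really is behind.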
3. Let’s finally understand our data.
Most hackers don’t care who you are or what you do. What they’re interested in is what you’re storing and how they can profit from it.
It's a line we hear at every data security conference we attend, whether it's Visa's, Mastercard's or the PCI Council's own events: find out what you have that could pose a risk, where it all is, and who wants it.
Are you inadvertently storing your customers' credit card numbers? Is one of your employees keeping unencrypted company passwords in a plain-text file on their computer? Or are there emails going back and forth with sensitive information that hackers would be interested in acquiring?
A simple risk assessment is not as difficult as you might imagine. Only once you've found the problem can you decide what action to take: delete the data, encrypt it or redact it, and start minimising your risk.
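The "find it, then decide" step for card numbers in particular can be automated. The script below is an added example, not code from the original post or from any PCI tooling: it scans text for runs of 13 to 19 digits, keeps only those that pass the Luhn check that every real card number satisfies (which drops phone and order numbers), and then redacts the matches down to their last four digits. The sample text is constructed, and the two card numbers in it are the well-known Visa and Mastercard test numbers, not real accounts.

```python
import re

# Candidate: 13 to 19 digits, optionally separated by single spaces or
# dashes, and not embedded in a longer digit run (a 20-digit reference
# number is not a card number).
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test. Every real card number passes it, so a
    digit run that fails it is a phone or order number, not a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _pan_digits(candidate: str):
    """Digits of the candidate if it looks like a PAN, else None."""
    digits = re.sub(r"[ -]", "", candidate)
    if 13 <= len(digits) <= 19 and luhn_valid(digits):
        return digits
    return None


def find_pans(text: str):
    """Return (offset, digits) for every Luhn-valid card number in text."""
    hits = []
    for m in _CANDIDATE.finditer(text):
        digits = _pan_digits(m.group())
        if digits is not None:
            hits.append((m.start(), digits))
    return hits


def redact_pans(text: str) -> str:
    """Mask everything but the last four digits, which is all a support
    process normally needs to keep; non-PAN digit runs are left alone."""
    def _mask(m):
        digits = _pan_digits(m.group())
        if digits is None:
            return m.group()
        return "*" * (len(digits) - 4) + digits[-4:]
    return _CANDIDATE.sub(_mask, text)


# Constructed sample text. 4111 1111 1111 1111 and 5500 0000 0000 0004
# are the standard Visa and Mastercard test numbers; the order number
# and phone number are there to show what the Luhn check filters out.
SAMPLE_TEXT = (
    "Order 1234567890123456 shipped; customer paid with 4111 1111 1111 1111 "
    "and gave 5500-0000-0000-0004 as a backup. Callback number 0800 123 4567."
)

if __name__ == "__main__":
    for offset, digits in find_pans(SAMPLE_TEXT):
        print(f"possible PAN at offset {offset}: ends in {digits[-4:]}")
    print(redact_pans(SAMPLE_TEXT))
```

Run it over exported mailboxes, shared drives or database dumps and the hits tell you where cardholder data is hiding; the redaction function is one of the three remedies the text lists, applied in place. The Luhn check is a filter, not proof: a 16-digit number that happens to pass it still needs a human look before anyone files an incident.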
The deluxe suite of security controls takes a lot more effort and resources to get you as safe as you can possibly be, but laying down the groundwork with these three steps gives you a foundation that moves your organisation out of the easier half of likely targets.
As far as New Year's resolutions go, these are well within reach and well worth the effort. In fact, why not start right now?
This is by no means a definitive guide to data security. For clearer guidance on securing sensitive data, read the PCI DSS 3.0 and treat it as the minimum baseline.