7 New Year’s Resolutions to Improve Cyber Security

This blog post was originally posted on December 31, 2019 and as been updated to share new information.

A New Year is here and it is time to make some new resolutions.

While you make personal resolutions such as eating healthier or getting in shape, you shouldn’t neglect professional ones as it applies to your organization and employees.

Given the widespread application of technology in business, it is necessary to have a cyber security plan in place to protect company data and your computer network in the New Year.

Some of the tips that you can adopt or enforce to boost your business security against hackers are discussed below.

1. Deploy Firewall

You can’t stop intruders from attacking your business but you can make their attempts much more difficult by deploying strong firewalls in your network.

With firewalls in place, you can dissuade cybercriminals from lurking around your network.

Firewalls help to block unauthorized access to protected information or devices. It is a basic cyber security measure to keep your business safe. Without a properly installed and configured firewalls, even unskilled malicious users can find their way into your system.

2. Update Your OS and Software

No systems is fully secured. This is why OS, software and device vendors roll out updates and patches.

Hackers are usually one step ahead of developers as a vulnerability needs to be discovered first before it can be patched.

Updates block newly discovered vulnerabilities and security holes so that other users don’t become victims.

If you or your employees are used to ignoring update prompt, then it is time to stop the practice and fully embrace all updates.

To enforce updates, you can set your system to automatically update itself so that staff cannot override them. You should also educate employees about the importance of updates for your organization’s cyber security.

3. Confirm All Requests

Hiding behind internet anonymity, cybercriminals can pretend to be whoever they want through phishing. This is why it is important that your organization encourage confirmation of requests relating to information or money requests.

Through phishing, hackers may pretend to be the CEO and request for wiring of funds or credentials to a private system only to sabotage it.

When your employees receive such request, they should confirm its validity by using other channels of business communication such as phone or company chat app to make sure they are dealing with the right person.

Emails with suspicious attachments should be sent to the proper department for vetting before acting on them.

4. Use Password Manager

Passwords are only as secure as the way they are handled. Human memory is quite limited in the number of random sequences that can be stored. With the explosion of web apps, this has forced many employees to reuse the same weak password for different accounts thus exposing all to security risk.

If one of these accounts is compromised, attackers may then use the same password to gain access to others.

A solution to weak passwords and reuse is to use a password manager that will generate strong passwords and save them for retrieval.

5. Use Multi-Factor Authentication

If a network or asset is worth protecting, then using only one password for access is inadequate. The more hoops you need to jump before gaining access to a system or resource, the more secure it is.

Multi-factor authentication (MFA) makes it difficult for an unauthorized party to gain access to a system.

Even if a cybercriminal managed to steal an employee’s credential, with MFA in place, they are still far from success as they would need to successfully get other layers of security to access that specific account.

You may use an MFA that is linked to a phone number. More secure MFA options include online authenticator such as Google Authenticator and hardware security keys for sensitive systems.

6. Avoid Public Wi-Fi

Public wifi are convenient to use but are often insecure. Employees often need to work outside of the office and may use to public WiFI for connectivity.

When employees connect to a public hotspot, they are exposing the business to security risks.

A malicious user on the same network may hijack live sessions. They may even operate a rogue WiFi network to lure unsuspecting victims and gain access to their system and by extension, business data.

A strict policy of not using public wifi should be put in place. If employees must use public network, then it must be done through a VPN to encrypt data transmission.

7. Scan Your Computer Network

Long-term usage of a system without scanning leads to accumulation of junk items including potentially harmful codes. You should take advantage of the New Year break in activity to scan your entire network for unwanted and unsecured apps, servers and codes.

Regular scanning of system should be part of your organization’s calendar.

Bonus Tip! Don’t Become A Victim Of Phishing Thru Social Engineering

Phishing is a form of social engineering that may be executed via email, SMS, or voice calls. A Phishing email is the most common method by which hackers compromise business systems.

Phishing that is tailored to a particular target is known as spear phishing. Phishing messages are designed to fake familiarity with the intended target. A user may receive a fake email about a product they use or a store they shop at to help create engagement with the malicious email.

Phishing emails may contain malicious attachments or links which are designed to exploit the vulnerability in the victim’s system or application such as the browser when opened. Hackers may also directly request personal information via email.

Long-term usage of a system without scanning leads to accumulation of junk items including potentially harmful codes. You should take advantage of the winter holiday break where employee activity may be lower to scan your entire network for unwanted and unsecured apps, servers and codes.

Regardless of an employee’s role or security position, the basic practices discussed above will help keep your organization safe.

To get the best from your employee, you must develop adequate and robust security policies and engage employees in regular training to build a company culture that promotes cybersecurity. For more information on how improve your cyber security techniques for the New Year, please contact SDTEK.

Wishing everyone a very Happy New Year!

The post 7 New Year’s Resolutions to Improve Cyber Security appeared first on SDTEK | San Diego, CA.

< Older Post Newer Post >

Common IT Security Compliance Pitfalls and How to Avoid Them

June 17, 2025

Meeting IT security compliance standards is crucial for businesses that handle sensitive data, particularly in industries such as healthcare, finance, defense, and e-commerce. Regulatory frameworks such as HIPAA, CMMC, PCI-DSS, and GDPR exist to help ensure businesses protect customer information and maintain robust cybersecurity practices. Unfortunately, many organizations fall short of these requirements, often due to common, avoidable mistakes. These gaps can result in costly fines, data breaches, and reputational damage, which can significantly impact the business's bottom line and customer trust. 1. Failing to Conduct Regular Risk Assessments The Pitfall: Many businesses overlook the importance of conducting routine risk assessments. Without these, it’s challenging to identify vulnerabilities or evaluate whether your current cybersecurity controls meet compliance standards. How to Avoid It: Implement a regular risk assessment schedule. Work with a qualified IT provider to evaluate your systems, identify weaknesses, and document remediation plans. These assessments should be performed at least annually, or whenever significant changes to the system occur. 2. Inadequate Employee Training The Pitfall: Your employees are your first line of defense—and often your most significant vulnerability. A common compliance issue arises when businesses fail to train staff on cybersecurity best practices or on handling sensitive data appropriately. How to Avoid It: Invest in ongoing cybersecurity awareness training. Ensure employees understand how to recognize phishing emails, create strong passwords, and report any suspicious activity. Training should be updated regularly to reflect current threats and compliance requirements. 3. Improper Data Handling and Storage The Pitfall: Storing sensitive data in unsecured locations, failing to encrypt information, or retaining data longer than necessary are significant compliance risks. These practices are often flagged during audits. How to Avoid It: Adopt data classification policies that define how different types of data should be handled; encrypt sensitive data both at rest and in transit. Establish clear data retention policies and ensure that obsolete data is disposed of securely. 4. Lack of Incident Response Planning The Pitfall: When a security incident occurs, time is of the essence. Many businesses lack a documented incident response plan, or their existing plan hasn’t been thoroughly tested. This can lead to delayed responses, increased damage, and regulatory penalties. How to Avoid It: Develop a formal incident response plan that includes roles, responsibilities, communication protocols, and steps for containment and recovery. Run simulated breach scenarios with your IT team to ensure everyone knows how to respond effectively. 5. Using Outdated Software or Systems The Pitfall: Running outdated operating systems, software, or firmware is a common issue that can lead to compliance failures. Unsupported technologies are more vulnerable to exploitation. How to Avoid It: Keep all systems and applications up to date with the latest patches. Use automated tools to track software versions and receive alerts about end-of-life technologies. Schedule regular maintenance windows to apply updates and upgrades. 6. Insufficient Access Controls The Pitfall: Allowing too many employees access to sensitive data—or failing to revoke access when it’s no longer needed—can lead to data breaches and non-compliance. How to Avoid It: Implement role-based access controls and follow the principle of least privilege. This principle means that each user should have the minimum level of access necessary to perform their job. Regularly audit user accounts and permissions to ensure access is current and appropriate. Use multi-factor authentication (MFA) to add an additional layer of protection. 7. Neglecting Third-Party Vendor Risks The Pitfall: Businesses often overlook the fact that their compliance responsibilities extend to third-party vendors. If a vendor mishandles your data, you could still be held accountable. How to Avoid It: Vet third-party vendors carefully. Ensure they meet the same compliance standards as your business and include security requirements in your contracts. Conduct periodic audits or request compliance certifications from your vendors. 8. Failing to Document Policies and Procedures The Pitfall: Even if your security practices are strong, failing to document your compliance policies can result in audit failures. Regulators want to see evidence that you have formal processes in place. How to Avoid It: Create and maintain clear documentation for all compliance-related policies, including data protection, access control, incident response, and employee training. Make these documents easily accessible for audits and regularly review them to ensure updates are current. Conclusion Compliance with IT security standards is not a one-time project—it requires ongoing attention, regular updates, and a proactive approach to maintain effectiveness. By understanding and addressing these common pitfalls, your business can stay ahead of regulatory requirements, strengthen its security posture, and reduce the risk of costly incidents. This ongoing attention is crucial to maintaining your business's security and audit readiness. If you’re unsure whether your business is meeting current IT compliance standards, professional support can help. Contact SDTEK today to schedule a compliance assessment and learn how our IT services can keep your business secure and audit-ready. With our support, you can navigate the complex landscape of IT security compliance with confidence.

Why Cybersecurity and Business IT Support Are Crucial for Fort Wayne Businesses

April 9, 2025

In today’s digital-first world, cybersecurity isn’t just a luxury—it’s a necessity. Whether you run a small startup or a growing enterprise in Fort Wayne , protecting your business’s data, systems, and clients is essential for long-term success. From ransomware attacks to phishing scams, cyber threats are evolving every day, and the best way to stay ahead of them is by partnering with a reliable IT services provider that understands the unique needs of local businesses. Here’s why investing in professional business IT support is one of the smartest decisions Fort Wayne businesses can make—and how working with SDTEK helps protect your operations, your data, and your reputation.