As regular readers of TechCrunch will know, 2024 was – just like the years before it – full of data breaches, ransomware attacks and massive hacks exploiting some of the most trivial software vulnerabilities. Even the best-resourced organizations failed to keep hackers out of their systems over the past twelve months. AT&T experienced its second massive breach of the year, this time affecting “nearly all customers”; Ticketmaster had 560 million records allegedly stolen in the hack of cloud storage giant Snowflake; and health insurance giant Change Healthcare was hit by a ransomware team that accessed the sensitive medical details of at least a third of all Americans.
Your startup doesn’t have to suffer the same fate in 2025. A few simple security steps can help keep malicious hackers at bay.
Here are some simple – but effective! – cybersecurity resolutions to make as we head into the new year.
Securely store your company passwords
Password managers securely store all of your company’s passwords, so your employees don’t have to worry about remembering them. Password managers also help create and store unique and complex passwords for all your accounts. This can help prevent account intrusions caused by password reuse, where hackers take advantage of people using the same username and password on different online accounts. Once a password is compromised, hackers can access the person’s other accounts using the same password. Some companies are moving away from passwords altogether and relying on passkeys, which are resistant to phishing attacks, and other passwordless technologies.
Implement multi-factor authentication
Passwords alone are not enough to protect your most important accounts against malicious threats. Hackers stole at least 1 billion pieces of personal data in 2024, aided largely by the use of stolen credentials for corporate accounts that were not protected by multi-factor authentication.
MFA, a security feature that requires users to provide an additional code beyond just a password when logging in, makes it much more difficult for cybercriminals to access online accounts. In the case of cloud computing giant Snowflake, mandating the use of MFA could have prevented a pair of hackers from stealing highly sensitive data from AT&T and more than a hundred other corporate customers.
Most security professionals recommend using authenticator apps that generate access codes on the device, rather than codes sent via SMS text messages, which can be intercepted in some cases.
Keep your software up to date
Some of the most damaging breaches of 2024 were caused by an age-old problem: unpatched vulnerabilities in third-party software. A major hacking target in recent years has been managed file transfer tools, software used by large companies and enterprises to transfer often large data files over the Internet. Some file transfer products and other enterprise technologies have been around for years (or longer) and are targeted for their propensity to store backups of sensitive company data.
While some bugs are exploited as zero-days – vulnerabilities that come to light before a fix is offered – the best thing companies can do is ensure that their internal software is kept up to date and that security patches are applied as soon as possible.
Back up your company data
Ransomware attacks had another record year in 2024, with companies paying hackers huge sums of money in order to get their data back (and prevent it from going online). Regularly backing up your company’s data is a critical line of defense against data encryption and data theft attacks. Hackers can also target the backups themselves, because backups let victims restore their business operations without significant data loss. Keeping encrypted backups offsite can help in case of security or data disasters.
Stop picking up the phone
While hackers have relied for years on malware-laced email lures as their weapon of choice against unsuspecting victims, some hacker groups are turning to scam phone calls as their primary means of hacking organizations. A single call to casino and hotel giant MGM’s IT help desk reportedly led to its massive 2023 breach, which cost the entertainment giant at least $100 million. As TechCrunch’s Zack Whittaker aptly writes: Always be skeptical of unexpected calls, even if they come from a legitimate-looking contact, and never share confidential information over the phone without verifying it through another means of communication.
Be transparent
Even if you do everything right, there’s no guarantee that your startup won’t be targeted. Startups are a prime target for hackers, thanks to their limited resources compared to larger companies. If your company falls victim to a cyber attack, being upfront about the incident can make a real difference to the outcome. Transparency can help your customers take action as needed, and sharing information can help others protect against similar attacks in the future.
Keeping a data breach under wraps can not only cause reputational damage and cost you significantly in fines – it can also land you a spot on TechCrunch’s annual roundup of ‘badly handled breaches’.