Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
As regular readers of TechCrunch know, 2024 – like the years before it – was full of data breaches, ransomware attacks, and massive attacks exploiting the most trivial of software vulnerabilities. Even the best-resourced organizations have not been able to keep hackers out of their systems over the past twelve months. AT&T experienced its second massive outage of the year, this time affecting “almost all customers.”; Ticketmaster had 560 million stolen records hacking of cloud storage giant Snowflake; and the health insurance giant Change Healthcare was hit by the ransomware team accessed the sensitive medical details of at least a third of all Americans.
Your startup doesn’t have to suffer the same fate in 2025. Some of the simplest security things can help prevent malicious hackers.
Here are some simple but effective! — cybersecurity resolutions you should make as you head into the new year.
Store your company passwords securely
Password managers keep all your company passwords safe so your employees don’t have to worry about remembering them. Password managers also help you create and store unique and complex passwords for all your accounts. This can help prevent account intrusions caused by password reuse, where hackers use the same username and password on different online accounts. Soon a password has been stolenhackers can access a person’s other accounts using the same password. Some companies are moving away from passwords altogether and based on toggle switchesresistant to phishing attacks and other passwordless technology.
Implement multi-factor authentication
Passwords alone are not enough to protect your most important accounts from malicious threats. Hackers stole it at least 1 billion private records In 2024, the use of stolen credentials for corporate accounts not protected by multi-factor authentication helped greatly.
MFA, a security feature that requires users to provide an additional code in addition to a password when logging in, makes it much more difficult for cybercriminals to access online accounts. In the case of cloud computing giant Snowflake, it may be possible to request the use of an MFA. blocked a pair of hackers from The theft of highly sensitive data from AT&T and over a hundred other corporate customers.
Most security professionals will recommend using authenticator software that generates access codes on the device instead of codes sent via SMS text message, which can be intercepted in some cases.
Keep your software up to date
Some of the most damaging breaches of 2024 stem from a perennial problem: unpatched vulnerabilities in third-party software. one A big hacking target in recent years is managed file transfer toolsis a program that large companies and enterprises often use to transfer large data files over the Internet. Some file transfer products and other enterprise technologies have been around for years (or longer) and have been targeted because of their tendency to store sensitive company data.
While exploiting as some errors zero days — a vulnerability discovered before a patch is available — the best thing companies can do is ensure your firmware is updated and security patches are applied as soon as possible.
Back up your company data
Ransomware attacks were another record breaking year In 2024, companies pay hackers huge sums of money to get their data back (and prevent it from leaking onto the internet). Regularly backing up your company’s data is a critical line of defense against data encryption and data theft attacks. Backups can also be targeted by hackers for their ability to help victims effectively restore business operations without significant data loss. Having encrypted offsite backups can help in the event of security or data disasters.
Stop picking up the phone
While hackers have relied on malware-related email lures as their weapon of choice against unsuspecting victims for years, some hacker groups they resort to fake phone calls as the main means of intrusion into organizations. A single phone call to casino and hotel giant MGM’s IT help desk reportedly led the way Its massive disruption in 2023cost the entertainment giant at least $100 million. Like TechCrunch’s Zack Whittaker writes perfectly here: Always be suspicious of unsolicited calls, even if they come from a legitimate-looking contact, and never share confidential information over the phone without first checking with another means of communication.
Be transparent
Even if you do everything right, there is no guarantee that your startup will not be targeted. Due to their limited resources compared to large companies, startups are prime targets for hackers. If your company is the victim of a cyber attack, being open about the incident can make a real difference in terms of outcomes. Transparency can help your customers take action if necessary, and sharing information can help others protect against similar attacks in the future.
Not only can keeping a data breach secret can damage your reputation and potentially cost you money significantly in fines – but it can also give you a place TechCrunch’s annual “poorly managed breaches” roundup.
