As regular readers of TechCrunch know, 2024, like the years before it, was filled with data breaches, ransomware attacks, and massive hacks that exploited the most trivial of software vulnerabilities. Even the most well-resourced organizations have been unable to keep hackers from infiltrating their systems over the past 12 months. AT&T experienced its second major breach this year, this time affecting “nearly all of its customers.” Ticketmaster allegedly had 560 million records stolen in a hack involving cloud storage giant Snowflake. Additionally, health insurance giant Change Healthcare was hit with a ransomware attack that accessed sensitive medical information on at least one-third of all Americans.
Your startup doesn’t have to suffer the same fate in 2025. Some of the simplest things in security can help keep malicious hackers at bay.
As we enter the new year, here are some simple but effective cybersecurity resolutions to make.
Keep your company passwords safe
A password manager securely stores all your company's passwords so your employees don't have to remember them. A password manager can also help you create and store unique and complex passwords for all your accounts. This helps prevent account break-ins through password reuse, where hackers take advantage of users who use the same username and password for different online accounts. As soon as one password is compromised, hackers can use the same password to access a person's other accounts. Some companies are doing away with passwords altogether and relying on passkeys and other passwordless technologies that are resistant to phishing attacks.
Implement multi-factor authentication
Passwords alone aren't enough to protect your most important accounts from malicious threats. Hackers stole at least 1 billion personal records in 2024, primarily by using stolen credentials for corporate accounts that were not protected with multi-factor authentication.
MFA is a security feature that requires users to enter an additional code besides their password when logging in, making it much more difficult for cybercriminals to break into online accounts. In the case of cloud computing giant Snowflake, requiring the use of MFA could have prevented two hackers from stealing sensitive data from AT&T and more than 100 other enterprise customers.
Most security professionals recommend using an authenticator app that generates a login code on your device, rather than a code sent in an SMS text message, which can sometimes be intercepted.
Keep your software up to date
Some of the most damaging breaches in 2024 were caused by a long-standing problem: unpatched vulnerabilities in third-party software. One of the big targets of hacking in recent years is managed file transfer tools. This is software used by large companies and businesses to transfer large data files over the Internet. Some file transfer products and other enterprise technologies have been around for years (or more) and are targeted because they tend to store large amounts of sensitive company data.
While some bugs are exploited as zero-days (vulnerabilities that are revealed before a patch is available), the best thing a company can do is keep its internal software up to date and apply security patches as soon as possible.
Back up company data
2024 was another record year for ransomware attacks, with companies paying huge sums of money to hackers to get their data back (and prevent it from being leaked online). Regularly backing up your company's data is an important line of defense against data encryption and data theft attacks. Backups can also be targeted by hackers as they allow victims to effectively restore their operations without losing critical data. Having encrypted offsite backups can be helpful in the event of a security or data disaster.
Stop picking up the phone
While hackers have relied for years on malware-laden email decoys as a means of attacking unsuspecting victims, some hacker groups are turning to scam phone calls as a primary means of hacking into organizations. A single call to casino and hotel giant MGM's IT help desk led to a massive breach in 2023 that reportedly cost the entertainment giant at least $100 million. As TechCrunch's Zack Whittaker writes, always be skeptical of unexpected phone calls, even if they're from a legitimate-seeming contact, and try another method of communication first. Don't share sensitive information over the phone without asking.
Be transparent
Even if you do everything right, there is no guarantee that your startup will not be targeted. Startups are prime targets for hackers because they have more limited resources than larger companies. If your company is the victim of a cyberattack, being upfront about the incident can make a big difference in the outcome. Transparency helps customers take action when necessary, and sharing information helps others prevent similar attacks in the future.
Keeping a data breach a secret can not only cause reputational damage and potentially lead to hefty fines, but it can also earn you a spot in TechCrunch's annual “Breaches Worst Handled” roundup.