The start of a new year gets people thinking about habits.

Health goals.
Financial goals.
Getting more organized.

But there’s one area that rarely gets the same attention — cybersecurity.

And it should.

At DS Tech, we see the same pattern every year.

Businesses don’t get compromised because they missed one magical setting or bought the “wrong” tool.

They get compromised because of small, everyday habits that never got fixed.

Cybersecurity isn’t about perfection.
It’s about consistency.

Here are a few realistic cyber “resolutions” — or better yet, habits — that actually make a difference.


Start With a Password Manager (This Is the Big One)

If you do nothing else this year, do this.

Most people are juggling dozens — sometimes hundreds — of accounts. The natural temptation is to reuse passwords, tweak them slightly, or let the browser save them.

That feels convenient.
It’s also risky.

Browser-saved passwords are one of the first things attackers extract if they get access to a system. Once that happens, they don’t get one account — they get all of them.

A dedicated password manager solves this:

  • It creates long, unique, random passwords

  • It stores them securely

  • It autofills just like your browser does

  • It works across devices

  • It can separate business and personal passwords

Yes, the initial setup takes time.
But that time pays for itself quickly — both in convenience and in risk reduction.

And once it’s in place, everything else gets easier.


Turn On MFA Everywhere It Matters

Multi-Factor Authentication (MFA) adds a second (or third) layer of proof that it’s really you logging in.

Password + code
Password + app prompt
Password + fingerprint

The exact method doesn’t matter as much as having it enabled.

Even if a password gets exposed, MFA can stop an attacker cold.

Start with your most important accounts:

  • Email

  • Microsoft 365 / Google Workspace

  • Remote access

  • Financial systems

  • Admin and management tools

From there, expand outward.

This isn’t about locking people out or making work harder — it’s about preventing a single mistake from turning into a breach.


Rotate Old Passwords (Yes, Even With MFA)

There’s debate in the security world about password rotation. Some argue that MFA alone is enough.

In practice, we still recommend rotating passwords — especially on high-value accounts — at least once a year.

Why?

Because old passwords get reused.
Because old breaches resurface.
Because attackers test everything they can find.

A password manager makes this painless. It will even tell you which passwords haven’t been changed in months or years and let you update them with a few clicks.

This is one of those “boring” habits that quietly prevents major problems.


Train People to Spot Phishing (Without Shaming Them)

Phishing is still the #1 way businesses get compromised.

Not malware.
Not hackers breaking in through firewalls.
Emails.

That’s why security awareness training delivers one of the highest returns on investment in cybersecurity.

At DS Tech, we run simulated phishing campaigns on purpose. When someone clicks, they don’t get infected — they get a lesson.

  • A quick explanation of what they missed

  • Short follow-up training

  • No shaming

  • No finger-pointing

After a few months, click rates drop dramatically — often by around 50%.

The goal isn’t to catch people doing something “wrong.”
The goal is to help them pause before they click.

That pause stops real attacks before they ever start.


Get Ahead of Cyber Insurance & Compliance Requirements

Cyber insurance requirements change every year.

If your renewal is in June, don’t wait until May to find out what’s new.

Ask early:

  • What security controls are now required?

  • What documentation will they ask for?

  • What’s changed since last year?

The same applies to compliance frameworks like HIPAA or CMMC. Many of them are gaining more enforcement “teeth,” not fewer.

Planning ahead turns compliance into a process — not a panic.


Take Inventory of Your Hardware (Not Just Computers)

Year-end and early-year planning is a great time to look beyond workstations.

Think about:

  • Firewalls

  • Switches

  • Access points

  • Cabling

  • Network closets

  • Printers and aging devices

Older infrastructure doesn’t just slow things down — it increases risk.

And quieter periods are often the least disruptive time to clean things up.

(If you’ve ever seen a before-and-after network rack, you know how much difference this can make.)


Don’t Call Them Resolutions. Call Them Habits.

You don’t need to do everything at once.

Start small:

  • Password manager

  • MFA

  • Phishing training

If you do just those three, you’re already ahead of many organizations.

Cybersecurity is a journey.
It’s a mindset.
And it gets easier once the habits are in place.

If you’re not sure where to start, or you want a second set of eyes on your environment, we offer a free security assessment to help you figure out your next best step.