As regular readers of TechCrunch will know, 2024 was — much like the years before it — full of data breaches, ransomware attacks, and mass-hacks exploiting some of the most trivial software vulnerabilities. Even the most well-resourced organizations failed to keep hackers out of their systems over the past twelve months. AT&T experienced its second massive breach of the year, this time affecting “nearly all customers”; Ticketmaster had an alleged 560 million records stolen in the hack of cloud storage giant Snowflake; and health insurance giant Change Healthcare was hit by a ransomware crew that accessed the sensitive medical details of at least a third of all Americans. Your startup doesn’t have to suffer the same fate in 2025. Some of the simplest things in security can help keep malicious hackers at bay. Here are some simple — but effective! — cybersecurity resolutions you should make as we head into the new year. Password managers securely store all of your company passwords, so your employees don’t have to worry about remembering them. Password managers also help to create and save unique and complex passwords for all your accounts. This can help prevent account intrusions caused by password re-use, where hackers take advantage of people using the same username and password across various online accounts. As soon as one password is compromised, the hackers can access the person’s other accounts using the same password. Some companies are moving away from passwords altogether and relying on passkeys, which are resistant to phishing attacks, and other passwordless technology.Passwords alone are not on their own enough to defend your most important accounts against malicious threats. Hackers stole at least 1 billion personal records in 2024, helped largely by the use of stolen credentials for corporate accounts that were left unprotected by multifactor authentication. MFA, a security feature that requires users to provide an additional code beyond just a password when logging in, makes it far more difficult for cybercriminals to break into online accounts. In the case of cloud computing giant Snowflake, mandating the use of MFA could have prevented a pair of hackers from stealing highly sensitive data from AT&T and more than a hundred other corporate customers.Most security folks will recommend using authenticator apps that generate login codes on the device, rather than codes sent by SMS text message, which can in some cases be intercepted.Some of the most damaging breaches of 2024 were caused by a years-old problem: Unpatched vulnerabilities in third-party software. One big hacking target in recent years are managed file-transfer tools, the software used by large companies and enterprises for transferring often large data files over the internet. Some file-transfer products and other enterprise technologies have been around for years (or longer), and are targeted for their propensity to store troves of sensitive
Ven. Gen 10th, 2025
