New Year's Cybersecurity Resolutions for 2022

Future technology and digital security planning

New Year's resolutions usually fail by February. But cybersecurity resolutions matter too much to abandon.

Here are practical security resolutions for 2022 that practices can actually achieve and maintain.

Resolution 1: Enable Multi-Factor Authentication Everywhere

What It Is

MFA requires two forms of authentication: something you know (password) and something you have (phone, authenticator app, security key).

Why It Matters

Password compromises are extremely common. MFA prevents compromised passwords from providing access.

Where to Implement

Email (Office 365, Google Workspace)
Practice management software
VPN and remote access
Financial accounts and banking
Cloud storage and backup
Any system with sensitive data

How to Achieve This

Start with most critical systems (email, remote access). Roll out to additional systems monthly through Q1.

Provide clear instructions for staff. Support those who struggle with technology.

Resolution 2: Implement Password Manager

What It Is

Software that generates and stores strong unique passwords for every service.

Why It Matters

Password reuse is major security weakness. If one site gets breached, all accounts using same password are compromised.

Password managers allow strong unique passwords everywhere without needing to remember them.

Options

1Password (excellent for teams)
Bitwarden (open source, affordable)
LastPass (widely used)
Dashlane (user-friendly)

How to Achieve This

Q1: Select password manager and implement for IT and leadership.

Q2: Roll out to all staff with training.

Q3-Q4: Gradually replace weak and reused passwords with strong unique passwords.

Resolution 3: Regular Security Updates

What It Is

Keeping all software current with security patches.

Why It Matters

Unpatched vulnerabilities are entry points for attackers. Many breaches exploit vulnerabilities with available patches.

What to Update

Operating systems (Windows, macOS)
Applications (browsers, PDF readers, Office)
Servers and infrastructure
Network equipment (routers, firewalls)
Medical and dental equipment with embedded computers

How to Achieve This

Enable automatic updates where possible.

Establish monthly patching schedule for systems requiring manual updates.

Monitor for critical security patches requiring immediate deployment.

Resolution 4: Security Awareness Training

What It Is

Regular training helping staff recognize and respond to security threats.

Why It Matters

Staff are both vulnerability and defense. Trained staff recognize phishing, handle data properly, and report suspicious activity.

What to Cover

Phishing and social engineering recognition
Password security and password manager use
Physical security (lock screens, visitor policies)
Data handling and HIPAA compliance
Reporting security concerns

How to Achieve This

Q1: Initial comprehensive training for all staff.

Quarterly: Refresher training and updates on new threats.

Ongoing: Simulated phishing to test and reinforce training.

Resolution 5: Backup Verification and Testing

What It Is

Ensuring backups actually work and data can be restored.

Why It Matters

Backups you haven't tested might not work. Discovering backup problems during emergency is too late.

What to Do

Verify backups run successfully daily
Test restoring files monthly
Test full system restore at least annually
Ensure backup includes all critical data
Verify offsite/cloud backup is working
Implement immutable backups resistant to ransomware

How to Achieve This

January: Audit current backup situation. Identify gaps.

Q1: Implement missing backup components.

Ongoing: Monthly test restores. Annual full system restore test.

Resolution 6: Inventory and Secure All Accounts

What It Is

Know what accounts and services you use. Ensure all are properly secured.

Why It Matters

Can't secure what you don't know about. Shadow IT (services used without IT knowledge) creates security gaps.

What to Do

List all cloud services and accounts
Identify who has access to each
Remove unused accounts
Ensure all accounts have strong passwords and MFA
Review what data each service has access to

How to Achieve This

Q1: Inventory all known accounts and services.

Q2: Review and secure each account.

Q3-Q4: Ongoing monitoring and quarterly reviews.

Resolution 7: Implement Endpoint Detection and Response

What It Is

Modern security software going beyond traditional antivirus. Detects suspicious behavior and responds to threats.

Why It Matters

Traditional antivirus only catches known malware. EDR catches new threats based on behavior.

Critical for ransomware protection.

Options

Microsoft Defender for Endpoint
Crowdstrike Falcon
SentinelOne
Sophos Intercept X

How to Achieve This

Q1: Research options and select EDR solution.

Q2: Deploy to all endpoints.

Ongoing: Monitor alerts and refine configuration.

Resolution 8: Review and Update Incident Response Plan

What It Is

Documented procedures for responding to security incidents.

Why It Matters

Incidents require quick response. Having plan prevents confusion and mistakes during crisis.

What to Include

Who to contact (IT, insurance, legal, authorities)
How to contain different incident types
Communication procedures (staff, patients, authorities)
Documentation requirements
Recovery procedures

How to Achieve This

Q1: Create or update incident response plan.

Q2: Train key staff on plan.

Q3: Test plan with tabletop exercise.

Q4: Refine based on testing.

Resolution 9: Reduce Attack Surface

What It Is

Minimize what's exposed to potential attack.

What to Do

Close unused services and ports
Disable unnecessary features
Remove old/unused accounts
Segment networks
Implement principle of least privilege

How to Achieve This

Q1: Audit what's exposed and accessible.

Q2: Systematically reduce unnecessary exposure.

Q3-Q4: Ongoing monitoring and reduction.

Resolution 10: Cyber Insurance Review

What It Is

Insurance covering costs of data breaches and security incidents.

Why It Matters

Security incidents are expensive. Insurance helps manage financial risk.

What to Review

Do you have cyber insurance?
What does coverage include?
What are the requirements (MFA, EDR, backups)?
Is coverage adequate for practice size?
Does policy match current risk profile?

How to Achieve This

Q1: Review current cyber insurance or get quotes if uninsured.

Q2: Ensure security controls meet policy requirements.

Making Resolutions Stick

Start Small

Don't try to implement everything simultaneously. Pick 2-3 priorities for Q1.

Set Specific Goals

"Improve security" is vague. "Enable MFA on email by January 31" is specific and achievable.

Assign Responsibility

Who is responsible for each resolution? When is deadline?

Track Progress

Monthly check-ins on resolution progress. Celebrate wins. Address obstacles.

Get Help

Don't try to do everything alone. IT support, managed security services, consultants can help.

Our Recommendations

If implementing all 10 resolutions seems overwhelming, prioritize these 5:

Enable MFA everywhere
Implement EDR
Start security awareness training
Verify and test backups
Keep systems updated

These provide most security improvement for effort invested.

We Can Help

At Robell Technologies, we help Arizona practices implement cybersecurity improvements:

Security assessments identifying priorities
MFA implementation
Password manager deployment
EDR implementation and monitoring
Security awareness training
Backup architecture and testing
Incident response planning
Ongoing security management

If you need help turning security resolutions into reality, contact us.

Happy New Year 2022

Make 2022 the year your practice gets security right.

Choose resolutions you can achieve. Start with highest priorities. Get help where needed. Track progress. Adjust as you go.

Security isn't one-time project. It's ongoing practice. But New Year is good time to commit to improvement.

Here's to secure 2022. May your defenses stay strong, your backups stay good, and your resolutions stick beyond February.