New Year 2024: Technology Resolutions That Actually Matter
New Year 2024. Time for resolutions that typically fail by February.
But technology resolutions matter too much to abandon. Here are practical resolutions for 2024 that practices can achieve and maintain.
Resolution 1: Implement Passkeys Where Available
What Are Passkeys
New authentication standard replacing passwords. More secure, more convenient.
Uses cryptographic keys tied to devices. Phishing-resistant. Can't be stolen like passwords.
Why 2024
Major services now support passkeys. Apple, Google, Microsoft accounts. Many websites and apps adding support.
How to Achieve
Q1: Enable passkeys for personal accounts (Apple ID, Google, Microsoft).
Q2: Roll out to staff for supported services.
Q3-Q4: Adopt as more business services add passkey support.
Resolution 2: AI Security Vetting Process
The Challenge
AI tools are proliferating rapidly. ChatGPT, Copilot, industry-specific AI tools.
Each raises security and privacy questions.
What to Do
Develop a process for vetting AI tools before use:
- What data does the AI tool access?
- How is the data used (training, improvement)?
- Is a Business Associate Agreement available for healthcare use?
- Where is data stored?
- What are privacy implications?
How to Achieve
Q1: Develop AI vetting checklist and approval process.
Q2: Review any AI tools currently in use.
Ongoing: Vet new AI tools before adoption.
Resolution 3: Quarterly Backup Testing
The Problem
Many practices have backups. Fewer test restores regularly. Discovering backup problems during an emergency is too late.
What to Do
Test backup restores quarterly:
- Restore sample files
- Verify data integrity
- Time the restore process
- Document results
- Fix any problems discovered
How to Achieve
Schedule quarterly backup tests. January, April, July, October.
Assign responsibility. Put on calendar.
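The quarterly test above, sketched as an added example (not code from this article or any backup product): it times a sample restore, checks each restored file against a SHA-256 hash recorded at backup time, and returns a report to file with your records. The manifest format, the restore_fn hook and the sample files are assumptions constructed for illustration.

```python
import hashlib
import json
import tempfile
import time
from datetime import date
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(1 << 20):
            h.update(block)
    return h.hexdigest()

def run_restore_test(manifest, restore_dir, restore_fn):
    """manifest maps relative path -> SHA-256 recorded at backup time."""
    start = time.monotonic()
    restore_fn(restore_dir)  # hypothetical hook: call your backup tool here
    seconds = time.monotonic() - start
    missing, corrupted = [], []
    for rel, expected in sorted(manifest.items()):
        target = Path(restore_dir) / rel
        if not target.is_file():
            missing.append(rel)
        elif sha256_file(target) != expected:
            corrupted.append(rel)
    return {"date": date.today().isoformat(), "files_checked": len(manifest),
            "missing": missing, "corrupted": corrupted,
            "restore_seconds": round(seconds, 3),
            "passed": not missing and not corrupted}

def demo():
    # Constructed sample data standing in for real practice files.
    originals = {"charts/a.txt": b"chart A", "billing/q4.csv": b"id,amount\n1,100\n",
                 "scans/x.bin": b"\x00\x01\x02"}
    manifest = {p: hashlib.sha256(d).hexdigest() for p, d in originals.items()}
    def faulty_restore(dest):
        # Simulates a restore that drops one file and truncates another.
        for rel, data in originals.items():
            if rel == "scans/x.bin":
                continue
            out = Path(dest) / rel
            out.parent.mkdir(parents=True, exist_ok=True)
            out.write_bytes(data[:5] if rel == "billing/q4.csv" else data)
    with tempfile.TemporaryDirectory() as tmp:
        return run_restore_test(manifest, tmp, faulty_restore)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A restore that completes without errors can still fail this test: the simulated restore here reports one missing and one corrupted file.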
Resolution 4: Phishing Simulation Program
Why It Matters
Phishing is the primary attack vector. Staff who recognize phishing prevent breaches.
Traditional training helps. Simulated phishing both tests and trains staff at the same time.
What to Do
Implement simulated phishing:
- Send fake phishing emails monthly
- Track who clicks
- Provide immediate training to clickers
- Gradually increase difficulty
- Measure improvement over time
How to Achieve
Q1: Select phishing simulation platform (KnowBe4, Cofense, others).
Q2: Launch program with easy tests.
Q3-Q4: Monthly tests, increasing sophistication.
Resolution 5: Move to Immutable Backups
The Ransomware Problem
Modern ransomware targets backups. Deletes or encrypts backup history along with production data.
What to Do
Implement immutable backups that ransomware can't modify or delete:
- Object-lock enabled cloud storage
- Write-once media
- Air-gapped offline copies
- Backup systems with immutability features
How to Achieve
Q1: Assess current backup immutability.
Q2: Implement immutable backup solution.
Q3-Q4: Verify and test immutable backups.
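For the Q1 assessment, an added example (not from this article) that assumes backups live in S3-compatible object storage and that each bucket's settings have been saved in the shape of the S3 GetBucketVersioning and GetObjectLockConfiguration responses. The bucket names and the 30-day minimum retention are constructed assumptions.

```python
def assess_object_lock(versioning, lock, min_days=30):
    """Return a list of findings; an empty list means the bucket passes."""
    findings = []
    if versioning.get("Status") != "Enabled":
        findings.append("versioning is not enabled (object lock requires it)")
    cfg = lock.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        findings.append("object lock is off: backups can be overwritten or deleted")
        return findings
    retention = cfg.get("Rule", {}).get("DefaultRetention")
    if not retention:
        findings.append("no default retention: only uploads that set it are locked")
        return findings
    if retention.get("Mode") != "COMPLIANCE":
        findings.append("GOVERNANCE mode: accounts with bypass permission can delete")
    days = retention.get("Days", 0) + 365 * retention.get("Years", 0)
    if days < min_days:
        findings.append(f"retention of {days} days is below the {min_days}-day minimum")
    return findings

# Constructed sample configurations for three hypothetical backup buckets.
SAMPLE_BUCKETS = {
    "practice-backups-good": (
        {"Status": "Enabled"},
        {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled", "Rule": {
            "DefaultRetention": {"Mode": "COMPLIANCE", "Days": 90}}}}),
    "practice-backups-weak": (
        {"Status": "Enabled"},
        {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled", "Rule": {
            "DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}}),
    "practice-backups-none": ({"Status": "Suspended"}, {}),
}

def assess_all(buckets=SAMPLE_BUCKETS):
    return {name: assess_object_lock(v, l) for name, (v, l) in buckets.items()}

if __name__ == "__main__":
    for name, findings in assess_all().items():
        print(name, "OK" if not findings else findings)
```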
Resolution 6: Zero Trust Network Access
What It Is
Replace the traditional VPN with zero trust network access (ZTNA). Verify every connection. Least privilege access. Better security for remote and hybrid work.
Why 2024
Mature solutions are now available at reasonable cost. Traditional VPNs are showing their age.
How to Achieve
Q1-Q2: Research ZTNA options, select solution.
Q3: Pilot with small group.
Q4: Roll out to all remote access users.
Resolution 7: Cloud Security Posture Management
The Challenge
Practices use multiple cloud services. Each has security configurations. Misconfigurations create vulnerabilities.
What to Do
Implement cloud security posture management:
- Inventory all cloud services
- Review security configurations
- Identify misconfigurations
- Fix problems
- Monitor on an ongoing basis
How to Achieve
Q1: Inventory cloud services and review configurations.
Q2: Fix identified security issues.
Q3-Q4: Implement ongoing monitoring.
Resolution 8: API Security Audit
Why It Matters
APIs connect cloud services. Insecure APIs expose data.
Many practices don't know what APIs they use or how they're secured.
What to Do
- Inventory all API connections
- Review authentication methods
- Check access permissions
- Remove unused API connections
- Implement API monitoring
How to Achieve
Q1-Q2: Audit existing API usage and security.
Q3: Implement improvements.
Q4: Ongoing monitoring.
Resolution 9: Vendor Security Reviews
The Problem
Practices select vendors based on features and price. Security assessment often minimal.
What to Do
Implement annual vendor security reviews:
- Request updated SOC 2 reports
- Review security questionnaires
- Check for vendor breaches
- Verify Business Associate Agreements are current
- Assess continued appropriateness
How to Achieve
Q1: List all critical vendors.
Q2-Q4: Review vendors systematically.
Ongoing: Annual reviews, plus assessment of new vendors.
Resolution 10: Dark Web Monitoring
What It Is
Monitoring the dark web and breach databases for compromised credentials from your practice.
Why It Matters
Staff reuse passwords. Credentials leaked from one breach get tried elsewhere.
Knowing that credentials are compromised lets you force password changes.
How to Achieve
Q1: Implement dark web monitoring service.
Ongoing: Monitor alerts, force password changes when credentials are found.
Making Resolutions Stick
Don't Try Everything Simultaneously
Pick 3-4 priorities for 2024. Others can wait for 2025.
Set Specific Deadlines
"Improve security" is vague. "Implement immutable backups by March 31" is specific.
Assign Responsibility
Who owns each resolution? When is the deadline? How is progress tracked?
Quarterly Check-Ins
Review progress quarterly. Celebrate achievements. Address obstacles.
Get Help
IT providers, security consultants, managed services can help implement resolutions.
Our Top 5 for 2024
If choosing only five resolutions:
- Implement immutable backups
- Launch phishing simulation program
- Quarterly backup testing
- AI tool vetting process
- Annual vendor security reviews
These provide the most security improvement for the effort.
What's Different in 2024
AI Security
AI wasn't a significant concern in previous years. 2024 requires an AI security strategy.
Passkeys
Technology finally mature and widely supported. Time to adopt.
Supply Chain Focus
Vendor security assessment is more critical than ever.
Ransomware Evolution
Immutable backups essential, not optional.
We Can Help
At Robell Technologies, we help Arizona practices implement security improvements:
- Immutable backup implementation
- Phishing simulation programs
- Backup testing and verification
- AI tool security assessment
- Vendor security reviews
- Zero trust network access
- Cloud security posture management
- Dark web monitoring
Thirteen years serving Arizona practices means understanding both technology and operational realities.
If you need help turning resolutions into reality, contact us.
Happy New Year 2024
Make 2024 the year your practice gets modern security right.
AI security strategy. Immutable backups. Phishing resistance. Vendor security.
Choose achievable resolutions. Get help where needed. Track progress. Adapt as you go.
Here's to a secure 2024. May your backups stay immutable, your staff recognize phishing, and your vendors stay secure.