A new year means a new approach to cybersecurity

Forgive us, but here at STEP Software, we’re optimists, and we believe the dawn of a new year brings all sorts of opportunities for renewal and growth to employers and their employees. Optimistic doesn’t mean we aren’t realistic, though, and as 2023 dawns all fresh and clean and shiny and new, we also recognize that cybercriminals remain as threatening and dirty as they’ve always been. Actually, even more so. So, as we’ve been reviewing our own cybersecurity plans for the upcoming year, we wanted to share some recommendations with you so that you can consider incorporating them into your own workflow. Because it’s always a good time to focus on cybersecurity.


Let’s not call these resolutions, though. Because unlike our resolutions to eat better and get more steps in, we can’t afford to start ignoring cybersecurity before the first holiday credit card statement arrives in the mail.

Here’s a quick list of things you’ll want to zero in on as you tune up your organization’s cybersecurity strategy for 2023:


You’re only as secure as your latest software update. We all know that outdated operating systems, apps, browsers, firmware, and any other form of code are invitations to cybercriminals to do their thing. (We wrote about this recently: Apple security update – 5 lessons for the hybrid workforce.)

So if you do nothing else this year, make sure that all your network and end-user devices are running the latest updates from the vendor. If you haven’t updated your hardware and software inventories in a while, this is also a great time to take care of it.

Don’t view this as a one-time thing, though: firm up your strategy to ensure that going forward, updates, patches, and security fixes are regularly applied, preferably as soon as they are made available.

In this age of BYOD, make sure employee-owned devices are included in this process. Consult with human resources to ensure you’re in alignment with corporate policy.


Your people represent your greatest asset, but they can also be the likeliest threat vector for an attack. In 2022, we saw steep increases in ransomware attacks that were initiated by employees clicking on links in phishing emails or messages. In 2023, awareness will be key to closing this nagging window of vulnerability.

Update all security-related documentation, including terms of use, and review with employees to ensure that they are fully aware of the dos and don’ts of cybersecurity best practice.


If you aren’t specifically training employees in cybersecurity best practice, 2023 must be the year for this to start.

Avoid big-ticket, one-time training sessions, as the lessons are easily forgotten and rarely result in sustained changes to end-user behaviors. Instead, use online tools to incorporate security training into day-to-day workflows. Seek input from employees on what works best for them – and make sure your approach to cybersecurity training does not compromise their productivity.


When you review your budget roadmap for the year, ensure that cybersecurity has its own specific section.

All too often, security-related expenses are buried within other line items, which can make it difficult to properly prioritize cybersecurity spending, and effectively track it from year to year. To ensure it’s keeping pace with the fast-evolving threat landscape, this needs to be a critical focus this year.


Are you using a centralized set of security tools – such as intrusion detection systems (IDS) and endpoint protection solutions – to monitor activity and proactively defend against known threats? Do you have the requisite visibility to know what’s happening on your network in real time, and to make effective decisions and take decisive actions in the event of an anomaly or an attack?

We’re long past the point where any company of any size can manage day-to-day without real-time monitoring, so let’s all make 2023 the year where we put this in place.

6 – CONSULT ISO 27001

We get it: knowing where to focus your cybersecurity efforts can be difficult. There’s lots to remember, and the landscape is constantly changing.

Fortunately, ISO 27001 can help. This globally recognized information security management standard can be used as a high-level checklist to ensure you’re following the right protocols – and aren’t missing anything in the process.

While some organizations invest in actually certifying themselves against this standard, you don’t have to upend your IT shop to benefit from its recommendations. Simply use it as a reference guide to ensure you’re headed in the right direction.


Let’s not mince words: 2023 is already shaping up to be the most challenging year yet when it comes to cybersecurity. The threat landscape continues to intensify, and organizations just like yours will be challenged as never before to stay one step ahead of the dark forces aiming to take us all down.

Fortunately, small changes to our behavior as the new year dawns can make a huge difference in reducing our threat profile and ensuring continued smooth – and safe – operation of the business. Drop us a line if you’d like to discuss additional ways to tighten your cybersecurity ship.