The start of a new year is on the horizon, which means that millions of people around the world will be making New Year’s resolutions. These annual commitments include things like vowing to live healthier (pro tip: get more sleep and drink more water!), and promising to be smarter with money (how much LEGO does one truly need?).
Well, in light of this tradition we thought it would be helpful to suggest 10 New Year’s resolutions that are suitable for IT pros. These are actions, strategies, and behaviors that could significantly improve your work experience, performance, and results — and possibly your income, too (you know what this means, right? MORE LEGO!).
Ready to transform your work experience and maybe your life as well? Let’s go!
Resolution #1: “I will increase the frequency of backups.”
There was a time when it was fine for most companies to perform backups daily, or even weekly (and yes, some even did it monthly or just “whenever” it occurred to them). Well, that time is over.
With threats like ransomware on the rise, performing multiple backups throughout the day is essential. What’s more — and we can’t stress this enough — you also want to regularly check backups, to ensure that they are reliable and usable after a disaster.
Resolution #2: “I will design for rollback.”
Often, system and software updates are predictable and uneventful — which is exactly what you want. But occasionally, they trigger problems and issues, including some that could affect critical workflows or cause security vulnerabilities. Since there is no way to absolutely guarantee that an update will be flawless, do the next best thing by designing a rollback strategy that springs into action if an update turns into a fiasco.
Resolution #3: “I will stay on top of software patches.”
Timely patching is vital, but let’s face it: it can be also overwhelming. There are so many tools, apps, and platforms out there, and they all want patches (and then more patches). Thankfully, you can reduce the burden and reclaim some time with a good patch management tool.
The simplest tools are similar to software update reminders that notify you when a new patch is available. This is helpful, but keep in mind that you still need to go out and apply the patch manually. More comprehensive tools proactively scan network systems to detect missing patches, and they can be configured to automatically download and install patches on scheduled days/times. For insights and advice on some popular solutions in the marketplace, check out this helpful article at TechRadar.
Resolution #4: “I will create an incident response plan.”
In the immediate aftermath of a cyberattack, knowing what, when, why, where, and how to respond can make the pivotal difference between mitigating the damage and experiencing massive losses. That is why you need a comprehensive incident response plan, which the National Institute of Standards and Technology (NIST) defines as "documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyberattack against an organization’s information systems."
To develop your incident response plan, start with a framework that outlines response operations, and clarifies how they are grouped or segmented. Frameworks are available from various organizations, including NIST, ISO, ISACA, SANS Institute, and Cloud Security Alliance. It is also smart to use incident response playbooks, which include procedures on how to handle common attacks caused by malware, ransomware, phishing, insider abuse, etc. There are many examples and templates available, including this excellent resource created by the Government of Western Australia.
Resolution #5: “I will eliminate weak password use across the organization.”
If some end users in your organization still choose weak passwords, then it may be a (small) consolation to learn that you aren’t the only IT pro dealing with this frustration. Results of the annual 2024 NordPass password survey were just released, and once again “123456” remains the most common corporate password, followed by “123456789”, “secret” and that ol’ standard that hackers love: “password”.
This year, your job is to do anything and everything you can to get end users to stop choosing weak passwords (and this includes executives who can be just as bad at this!). Some recommendations to reduce the risk include:
- Enforce 2FA/MFA
- Enforce passphrases instead of passwords
- Use a reputable password manager that has a built-in strong password generator
- Implement PAM and enforce just-in-time access for privileged accounts
- Compare all potential passwords against a list of known weak and compromised passwords (per NIST; see SP-800-63B Section 5.1.1.2 paragraph 5)
- Enforce a password history policy to prevent end users from re-using old passwords (the Center for Internet Security recommends setting this value to 24 or more; see section 1.1.1).
- Allow end users to copy/paste passwords — otherwise they are likely to use simple, short, easy-to-remember passwords (per NIST; see SP 800-63B Section 5.1.1.2).
- Provide end users with cybersecurity training, which among other things reminds them that they could be held liable and responsible for enabling a cyberattack (sometimes when reason and logic fail to create a desired outcome, sheer self preservation may do the job!)
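One way to implement the blocklist, length and password-history items from the list above on the verifier side. This is an added example, not code from the article or from Devolutions' products; the KNOWN_WEAK entries are a constructed sample (a real deployment loads a maintained breached-password feed), and the history is kept as salted PBKDF2 digests rather than plaintext.

```python
import hashlib
import hmac
import secrets

# Constructed sample blocklist: the four passwords named above plus a few more
# that appear on every breached-password list. A real deployment loads a feed.
KNOWN_WEAK = {"123456", "123456789", "secret", "password", "qwerty", "letmein"}
MIN_LENGTH = 8       # NIST SP 800-63B minimum for user-chosen secrets
MAX_LENGTH = 64      # accept at least 64 characters so passphrases fit
HISTORY_DEPTH = 24   # the CIS value cited in the list above
PBKDF2_ROUNDS = 100_000


def _digest(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so the history never stores plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def _looks_sequential(text: str) -> bool:
    """True for runs like 'aaaaaaaa' or '12345678' (NIST: repetitive/sequential)."""
    steps = {ord(b) - ord(a) for a, b in zip(text, text[1:])}
    return len(steps) == 1 and steps.pop() in (-1, 0, 1)


def check_password(candidate: str, username: str, history: list) -> tuple:
    """Decide whether a new password may be set. `history` holds (salt, digest)
    pairs produced by record_password(); only the newest HISTORY_DEPTH count."""
    if len(candidate) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    if len(candidate) > MAX_LENGTH:
        return False, f"longer than {MAX_LENGTH} characters"
    lowered = candidate.lower()
    if lowered in KNOWN_WEAK:
        return False, "on known-weak list"
    if _looks_sequential(lowered):
        return False, "repetitive or sequential characters"
    if username and username.lower() in lowered:
        return False, "contains username"
    for salt, digest in history[-HISTORY_DEPTH:]:
        # constant-time compare avoids leaking which history entry matched
        if hmac.compare_digest(_digest(candidate, salt), digest):
            return False, f"reused within last {HISTORY_DEPTH} passwords"
    return True, "accepted"


def record_password(password: str, history: list) -> list:
    """Append the new password's salted digest and trim history to HISTORY_DEPTH."""
    salt = secrets.token_bytes(16)
    history.append((salt, _digest(password, salt)))
    del history[:-HISTORY_DEPTH]
    return history
```

Note that there are no composition rules (uppercase, digits, symbols) in the check: SP 800-63B advises against them, and the blocklist plus a generous maximum length does more to push users toward passphrases.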
Resolution #6: “I will help decision-makers understand what a password manager is — and what it isn’t.”
We just finished mentioning that a good password manager can improve password hygiene. This is true, but there is more to the story.
You also need to help the decision-makers in your organization grasp a critical fact: password managers are essentially business tools, and not security tools. This is because password managers are designed to centralize and manage data. They are not built for security. Rather, they are built for business continuity (i.e., if an employee who has set passwords exits the organization, their former colleagues can find those passwords).
What organizations most urgently need — whether decision-makers realize it or not — is to augment a good password manager with privileged session management (PSM) or privileged access management (PAM). These are not business continuity tools. They are robust security solutions that support advanced functions like:
- Secure credential injection
- Account discovery
- Automated password rotation
- Alerts and notifications
- Checkout request approval process
For more information on this extremely important issue, and for some background that you could use to make your proposal to decision-makers more persuasive, check out this article on the Devolutions blog.
Resolution #7: “I will investigate and eliminate shadow IT.”
Shadow IT is the use of hardware, software, and cloud services without the knowledge and approval of the IT team. Gartner predicts that by 2027, 75% of employees will acquire, modify, or create technology outside IT’s visibility — up from 41% in 2022.
Keep in mind that some end users who engage in Shadow IT are not necessarily committing insider abuse (at least not in the conventional sense). Instead, they may believe — and perhaps with some validity — that the only way for them to do their job effectively and efficiently is by breaking the rules. In these cases, listening to end users and implementing secure ways for them to work is the best approach for all involved.
Resolution #8: “I will upgrade from a VPN to a Gateway solution.”
A Gateway solution provides just-in-time access to resources in segmented networks. This is much more secure than using a VPN, and is especially vital if your organization has remote workers. Plus, a Gateway solution is far easier to manage than a VPN, and it doesn’t degrade the user experience. For more insights and advice in this area, check out this Use Case.
Resolution #9: “I will establish a process for employee departures.”
A survey found that 1 in 4 ex-employees said they could still access accounts from past jobs — including former IT staff and managers who had access to privileged accounts (a.k.a. “the keys to the kingdom”).
This year, eliminate this gap and risk by establishing a standard process for employee departures. At a minimum, the process should include the following core activities:
- Immediately change the employee’s password(s) so they cannot log in (if there is a valid reason for them to do so, they can make a proper request and if appropriate the information they want can be shared with them).
- Either disable or lock all accounts. Disabling accounts is recommended, since this eliminates the possibility of future access. However, it may be necessary to lock accounts until the data can be archived elsewhere (after which the accounts should be disabled).
- Change all passwords on shared privileged accounts, such as domain administrator accounts, local administrator accounts, emergency access accounts, application accounts, system accounts, and domain service accounts.
For a deeper look at these processes and advice on how Devolutions can help, check out this article on the Devolutions Blog.
Resolution #10: “I promise to manage stress and take care of my wellbeing.”
To wrap things up, let’s step away from the technology space, and focus on something that we hope will be a top priority for you: managing stress and taking care of your wellbeing.
Here’s the ugly truth: exhaustion and burnout in the IT field are so widespread that they have been dubbed a “chronic epidemic.” Sadly, this is not hyperbole. The British Interactive Media Association (BIMA) conducted a survey of over 30,000 IT pros across 33 countries and found that:
- 62% feel physically and emotionally drained due to the high demands of their job
- 56% struggle to relax after a workday
- 42% who feel burned out, or are at high risk of burning out, are thinking of quitting within six months
The good news is that there are proven ways to deal with and recover from work-related stress. Here is what various scientific studies have found and recommend:
- Harness the power of micro-breaks during the workday, which can be as little as 5 or 10 minutes. Small breaks of about 10 minutes are surprisingly effective for recovering from daily work stress (and it’s a great way to catch up on Sysadminotaur comics!).
- Discover which non-work activities help you recover from stress — and which ones actually make your stress worse. What helps your colleagues wind down and de-stress during the workday may not necessarily work for you.
- Shape your environment for optimal stress recovery. Direct exposure to nature, such as walking in a park during your lunch break, can enhance recovery from stress in as little as 10 minutes. In addition, exposure to nature at work (e.g., a window view or indoor greenery) can enhance well-being.
- Pursue activities that require significant effort. This seems counter-intuitive, but science says otherwise. So, instead of flopping down on the couch after a long and tough day, consider doing something like learning a language or playing a musical instrument (sorry, neighbors). Or if you prefer to get physical, jumping on an exercise bike or treadmill, or attending a martial arts class, could do wonders for your physical and mental health.
The final word
The start of a new year brings fresh possibilities, and the opportunity to make key decisions that lead to transformative change and lasting improvement. As applicable, we encourage you to add our suggested New Year’s Resolutions to your list.
And if you have any doubt about your willpower, then allow us to remind you that you are not an ordinary person. You’re an IT pro! You’re the last geeky line between control and chaos, security and susceptibility, productivity and panic. Your colleagues and customers depend on you (often much more than they realize!).
And throughout it all, be assured that the team here at Devolutions is 100% dedicated to helping you be, feel, and do your best in 2025 — and for many years to come!