Your cybersecurity checklist to help strengthen defenses this year

Implementing these cybersecurity best practices can help bolster your defenses and develop a strong security culture.

Cyber threats aren't slowing down, and AI is changing the threat landscape at an accelerating speed and scale. AI tools that generate convincing messages, impersonate websites, and inject malicious prompts or code let cybercriminals slip past traditional detection mechanisms, and businesses are being targeted more than ever.

2025 saw a surge in third-party breaches, with a 34% increase in vulnerability exploitation for entry into organizations [1]. Also on the rise in 2025 were the average cost of a data breach ($10.22 million) and ransomware’s involvement in breaches (up from 37% to 44%) [2].

Strong cybersecurity starts with a defense-in-depth strategy, and the most important layer is informed, vigilant employees. This practical checklist can help your organization build a security-first culture and stay ahead of emerging threats.

Prioritize business resiliency planning that includes incident response and data recovery

  • Create or strengthen an incident response and data recovery plan. Kick off the year by developing or bolstering your organization’s strategy for responding to cyber threats or natural disasters.
    • Designate those who will execute the incident and crisis response plan.
    • Identify key stakeholders and decision-makers.
    • Prioritize the critical data needed to maintain operations.
    • Use tabletop exercises to test the response plan and continually refine it.
  • Maintain an accurate inventory of your organization’s assets (IT equipment, data, and systems). In the event of an attack or disaster, this information will be helpful for insurance claims. Recovery of data after an incident will also require this information. Set a policy to maintain an asset inventory with a regular schedule for updating and verifying its accuracy.
  • Perform automatic and continual backups of business data and information. Prioritize critical data, such as databases, financial files, spreadsheets, human resource files, accounts receivable/payable files, and core IT configurations.
    • Recovery Point Objective (RPO, the maximum amount of data loss, measured in time, you can tolerate) and Recovery Time Objective (RTO, the maximum downtime you can tolerate) are two core requirements of a data recovery and backup plan. Add both to your plan.
    • Practice retrieving your backup files to make sure you can recover them in the event of a cyberattack.
  • Create and enforce corporate policies for systems or areas where personally identifiable information (PII) and other sensitive data are held. This information may be accessed by bad actors, so help protect it with added security controls.
  • Add additional layers of protection for critical data. Implement physical security, keep offline copies of backups, and enable encryption. In the event of a ransomware or destructive malware attack, these additional backups can help allow for business continuity.
  • Review and update your cyber liability insurance policy. In the event of a breach or attack, your organization’s policy can help cover financial losses. Assess whether your current policy provides the first- and third-party coverage your organization needs, based on its technology infrastructure and susceptibility to cyberattacks. If not, consider making it a priority to upgrade your policy and help protect your organization.
  • Implement Shadow AI detection. Leverage a multi-layered approach that combines visibility, policy enforcement, and technical controls to manage unauthorized use of AI tools or Shadow AI in your organization.
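The RPO/RTO and restore-practice items above can be turned into a routine check. The following is an added example written for this page, not Huntington's code; it assumes a small backup catalog (constructed inline) that records each archive's SHA-256 digest, and it simulates a restore by re-reading and re-hashing the archive. It flags data sets whose newest backup is older than the RPO, reports whether each restore finished within the RTO, and catches archives whose bytes no longer match the digest recorded at backup time.

```python
"""Backup freshness and restore-drill check (added example, not Huntington's code).

Assumptions (not from the page): backups are described by a catalog of records
with a completion timestamp and a SHA-256 digest of the archive; a restore is
simulated by reading the archive bytes back and re-hashing them.
"""
import hashlib
import time
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class BackupRecord:
    name: str            # which critical data set this backup covers
    taken_at: datetime   # when the backup completed (UTC)
    sha256: str          # digest recorded when the backup was written
    archive: bytes       # archive contents (inline here; a file path in practice)


def make_record(name, taken_at, data):
    return BackupRecord(name, taken_at, hashlib.sha256(data).hexdigest(), data)


# Constructed sample catalog with a fixed "now" so results are reproducible.
NOW = datetime(2026, 2, 12, 9, 0, tzinfo=timezone.utc)
RPO = timedelta(hours=24)   # hypothetical: at most one day of data loss
RTO = timedelta(hours=4)    # hypothetical: restore must finish within four hours
CATALOG = [
    make_record("finance-db", NOW - timedelta(hours=2), b"ledger rows ..."),
    make_record("hr-files", NOW - timedelta(hours=30), b"hr records ..."),
    make_record("core-it-config", NOW - timedelta(hours=1), b"router config ..."),
]
# Deliberately corrupt one archive after its digest was recorded, to show
# that the restore drill catches silent corruption of backup media.
CATALOG[2].archive = b"router config ... (bit rot)"


def check_rpo(catalog, rpo, now=NOW):
    """Return names of data sets whose newest backup is older than the RPO."""
    newest = {}
    for rec in catalog:
        if rec.name not in newest or rec.taken_at > newest[rec.name].taken_at:
            newest[rec.name] = rec
    return sorted(n for n, r in newest.items() if now - r.taken_at > rpo)


def restore_drill(record):
    """Simulate a restore: read the archive back and compare digests."""
    start = time.perf_counter()
    restored = bytes(record.archive)   # stand-in for copying from backup media
    ok = hashlib.sha256(restored).hexdigest() == record.sha256
    return ok, time.perf_counter() - start


def run_drill(catalog, rpo, rto, now=NOW):
    """Combine both checks into a report dict keyed by data-set name."""
    stale = set(check_rpo(catalog, rpo, now))
    report = {}
    for rec in catalog:
        ok, seconds = restore_drill(rec)
        report[rec.name] = {
            "rpo_met": rec.name not in stale,
            "integrity_ok": ok,
            "rto_met": seconds <= rto.total_seconds(),
        }
    return report


if __name__ == "__main__":
    for name, result in run_drill(CATALOG, RPO, RTO).items():
        print(name, result)
```

In the sample run, `hr-files` fails the RPO check (its newest backup is 30 hours old) and `core-it-config` fails the integrity check, which is exactly the kind of finding a scheduled drill should surface before an incident does.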

Manage vulnerabilities

  • Conduct an annual assessment of vulnerabilities in your IT environment. Set a regular cadence to audit the security posture of your IT environment and implement standards to ensure vulnerabilities are addressed.
  • Enforce security controls for remote workers. Require employees working from home to use a virtual private network (VPN) and secured home router. Remind employees to keep work and personal devices separate to help keep sensitive data and networks safe.
  • Keep all computer operating systems and applications updated with the latest security patches. Remaining up to date on the latest versions and patches can help prevent bad actors from exploiting vulnerabilities. Scanning tools can assist with identifying vulnerabilities and deploying patches across networks, endpoints, databases, and equipment.
  • Ensure your organization’s antivirus, malware protection, and email security software are active and running the latest available version. These detective and preventative measures help prevent bad actors from exploiting vulnerabilities or gaining access to sensitive data or systems.
    • Use a firewall to protect the enterprise network.
    • Enable a security information and event management (SIEM) system to collect data and help your team better detect and respond to incidents.
    • Consider investing in a managed security services provider (MSSP) for continuous monitoring.

Implement measures to help protect against common cyberthreats

  • Employ identity and access management (IAM) policies. Your organization’s policies should include multifactor authentication (MFA) for all users, privileged access management, and single sign-on capability. These precautions can help mitigate insider threat risks.
  • Implement role-based access control (RBAC) and restrict third-party access. Limit access to essential functions for employees and third-party entities to help protect your network, infrastructure, and data.
  • Reduce or eliminate vulnerable connection methods into your network. Exposed services such as Server Message Block (SMB) or Remote Desktop Protocol (RDP) are common entry points for ransomware, an ever-evolving form of malware.
  • Require permission for USB or other removable drive access. Doing this will help protect against insiders copying sensitive data onto a removable drive or device.
  • Control physical access to computers and network components. Technology devices, such as iPads or laptops, are common targets for theft. Consider your corporate asset inventory and implement measures to prevent unauthorized individuals from accessing them.
  • Train employees to look for BIMI in their email provider. Brand Indicators for Message Identification (BIMI) is an email specification that displays brand-controlled logos next to emails as an added defense against business email compromise. For example, a validated email from Huntington will appear in a user’s inbox with a honeycomb icon to verify it’s from a trusted source.
  • Add an external email banner. This banner, which appears at the top of emails from an external sender, helps draw attention to the fact that it isn’t from someone within the company. Seeing the banner alerts employees to stay vigilant against an email phishing scam.
  • Assess your website and social media to determine whether they share too much information. Bad actors can use this public information to gain knowledge about a company and wield it through a social engineering attack to con employees into giving away access to secure data.
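The external email banner item above is usually implemented at the mail gateway. The following is an added example, not Huntington's code or any mail product's; the internal domain list, the `X-External-Sender` header, and the three sample messages are constructed assumptions. It goes one step beyond the text by also checking `Reply-To`, because a message can carry an internal-looking `From` address while steering replies elsewhere, and the banner should still appear in that case.

```python
"""External-sender email banner (added example, not Huntington's code).

Assumes a gateway hands us the raw RFC 5322 message and knows the organisation's
own domains. Domains, header name and sample messages are constructed here.
"""
import email
from email import policy
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com", "corp.example.com"}   # hypothetical org domains

# Two short lines so the body stays 7-bit and the banner is visible verbatim.
BANNER = ("[EXTERNAL] This message came from outside the organisation.\n"
          "Do not click links or open attachments unless you expect them.")


def sender_domain(addr_header):
    """Domain part of an address header, lower-cased ('' if absent)."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()


def is_external(msg):
    """True when the From or Reply-To domain is not one of ours.

    A missing From header is treated as external (fail safe). Checking
    Reply-To as well catches an internal-looking From paired with an
    external Reply-To that would capture the recipient's answer.
    """
    if msg.get("From") is None:
        return True
    for header in ("From", "Reply-To"):
        value = msg.get(header)
        if value is not None and sender_domain(value) not in INTERNAL_DOMAINS:
            return True
    return False


def classify(raw_message):
    """Parse a raw message and report whether it should get the banner."""
    return is_external(email.message_from_string(raw_message, policy=policy.default))


def add_banner(raw_message):
    """Return the message with the banner prepended to its plain-text body
    when the sender is external; otherwise return it unchanged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    if not is_external(msg):
        return msg.as_string()
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        body.set_content(BANNER + "\n\n" + body.get_content())
    # Hypothetical header so mail clients and the SIEM can filter on it.
    msg["X-External-Sender"] = "yes"
    return msg.as_string()


# Constructed sample messages (the .test TLD is reserved for examples).
SAMPLES = {
    "internal": ("From: Pat <pat@example.com>\nTo: lee@example.com\n"
                 "Subject: Lunch\n\nStill on for noon?\n"),
    "external": ("From: Vendor <billing@invoice-portal.test>\nTo: lee@example.com\n"
                 "Subject: Invoice\n\nPlease see the attached invoice.\n"),
    "reply_to_elsewhere": ("From: Pat <pat@example.com>\nReply-To: pat@lookalike.test\n"
                           "To: lee@example.com\nSubject: Quick question\n\nCan you call me?\n"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"--- {label}: external={classify(raw)}")
        print(add_banner(raw))
```

The `X-External-Sender` header is worth keeping alongside the visible banner: the banner trains people, while the header gives mail rules and the SIEM something machine-readable to count and alert on.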

Develop and deepen a strong security culture

  • Implement a year-round cybersecurity education program for employees. Your organization’s security program should include awareness, training, and outreach efforts. Every member of your company should know their part in cybersecurity, regardless of their job role.
  • Regularly provide communications to inform employees about common threats and best practices for protecting against them. Examples include how to identify and report a suspicious email or when to verify an email sender’s identity via phone or other communication methods.
  • Educate employees about cybersecurity best practices. Employee education is one of the simplest ways to build a culture that prioritizes cybersecurity. Here are a few basic reminders to help keep employees vigilant:
    • Use strong passwords unique to each account. A password manager can help with this.
    • Never click suspicious links or open unknown attachments.
    • Lock devices when not in use.
    • Pay attention to email details, such as whether it is from an external source or includes Brand Indicators for Message Identification (BIMI).
  • Set up multiple channels for employees to report suspicious behavior or cybersecurity incidents. Your employees should feel safe reporting incidents, even if they caused them. Allowing employees to report anonymously might empower some to speak up when they otherwise wouldn’t.
  • Make sure employees can easily find contact information for your organization’s cybersecurity team. Consider adding the security team’s point of contact’s email and phone number to your intranet home page and encourage employees to reach out with questions or concerns.

Strengthen your organization’s cybersecurity defenses

Cyberattacks remain an ongoing threat to businesses across every industry. The effects of a successful data breach or attack can have far-reaching financial and reputational consequences. Preventative measures, like those included in this checklist, can help keep your organization safe and secure.

Download our business security checklist for a practical guide to staying ahead of fraud and enhancing payment security.

Huntington is committed to connecting you with the insights, resources, and expertise you need to grow and protect your organization. Start the conversation to learn more by reaching out to your relationship manager.


[1] Verizon. 2026. “2025 Data Breach Investigations Report.” Accessed February 12, 2026.

[2] IBM. 2026. “Cost of a Data Breach Report 2025.” Accessed February 12, 2026.

The information provided in this document is intended solely for general informational purposes and is provided with the understanding that neither Huntington, its affiliates nor any other party is engaging in rendering tax, financial, legal, technical or other professional advice or services or endorsing any third-party product or service. Any use of this information should be done only in consultation with a qualified and licensed professional who can take into account all relevant factors and desired outcomes in the context of the facts surrounding your particular circumstances. The information in this document was developed with reasonable care and attention. However, it is possible that some of the information is incomplete, incorrect, or inapplicable to particular circumstances or conditions. NEITHER HUNTINGTON NOR ITS AFFILIATES SHALL BE LIABLE FOR ANY DAMAGES, LOSSES, COSTS OR EXPENSES (DIRECT, CONSEQUENTIAL, SPECIAL, INDIRECT OR OTHERWISE) RESULTING FROM USING, RELYING ON OR ACTING UPON INFORMATION IN THIS DOCUMENT OR THIRD-PARTY RESOURCES IDENTIFIED IN THIS DOCUMENT EVEN IF HUNTINGTON AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF OR FORESEEN THE POSSIBILITY OF SUCH DAMAGES, LOSSES, COSTS OR EXPENSES.

Huntington, Huntington Bank, and the Huntington Brandmark are service marks of Huntington Bancshares Incorporated.