Nearly a quarter of participants highlighted cybersecurity as a priority for 2024, according to a study conducted by cybersecurity provider Kaspersky on New Year’s digital resolutions.

The survey of 5,500 adults across the UK, France, Germany, Italy, Spain and the Netherlands revealed 13% of respondents are committed to adopting stronger password practices throughout the year.

When responding to questions about digital privacy and online habits in the coming year, the development of better email management and doing more backups were also high on the list, followed by changing cookie settings.

David Emm, principal security researcher at Kaspersky’s Global Research and Analysis Team, pointed out it’s widely known that many people choose easy-to-guess passwords or reuse them across different accounts.

“Given that passwords are the keys to our digital world, it’s important to ensure that they are fit for purpose in securing our identities,” he said.

Emm explained that, to be effective, passwords must be unique (one password per account), at least 12 characters and hard to guess–for example, combining multiple, random words, using a long phrase and including numbers and alphanumeric characters.

“If that’s too daunting, use a password manager,” he said. “Or combine both approaches: The first for key accounts—an e-mail account, for example—and a password manager for others.”

Emm said while people have been predicting the demise of passwords for some years, he doesn’t think this will happen for some time, if ever.

“The key thing is multifactor authentication—using a combination of what you have, what you know and what you are,” he noted.

For example, in addition to a password, you use a one-time passcode for each transaction—ideally a one-time passcode sent to a different device from your phone or laptop.

“One of the most promising potential successors to the password is Passkeys,” he said. “The fact that it’s based on PKI makes it secure. Your private key never leaves your device, so it can’t be easily compromised, and the ‘password’ is unique per transaction. Also, there’s nothing to remember once it’s installed.”

However, while it has the support of Apple, Google and others, he admitted there isn’t yet enough widespread integration of the technology into password managers and browsers.

Among the other cybersecurity resolutions people should be making in 2024, Emm recommended applying patches as soon as they become available for all devices used for online transactions.

“Use a unique, complex password for all your online accounts and review privacy and security settings carefully and limit what can be seen and shared,” he said. “Disable apps and features unless in use, disable tracking services and location services, and set your browser to clear cookies regularly.”

He also suggested checking email addresses against services such as “Have I Been Pwned” to see if any digital accounts have been compromised.

“Companies need to focus more on educating staff to improve the resilience of the organization to attacks, so many of which start by tricking individuals into doing something that jeopardizes the security of the company they work for,” he said.

James Hadley, founder and CEO of Immersive Labs, agrees employees who take part in the organization’s cybersecurity drills or demonstrate best practices are assets to cyber leaders, so it’s important to build a culture that recognizes their diligence whenever possible.

“At a time when many cybersecurity professionals are considering leaving the industry due to stress, it’s important that all employees believe their contributions to cybersecurity are valued,” he said. “Acknowledging employees’ dedication to cybersecurity initiatives motivates them to continue this level of work and positive behavior.”

Mike Scott, CISO at Immuta, said in 2024 it will be critical to continue to instill security as part of the business culture.

“Work to educate all arms of the business—from the C-suite to marketing to data practitioners—on security best practices,” he said. “This will strengthen what’s lacking in the current talent volume and create more harmony across the organization so they can tackle security together.”

Hadley points out that cybersecurity is not just the responsibility of the cybersecurity team; the whole workforce needs to be adequately prepared for attacks.

“Provide opportunities for employees throughout the organization—regardless of role or department—to upskill their cybersecurity capabilities, understand their shortcomings and improve,” he said.

That means all employees should have access to cybersecurity exercising relevant to their individual responsibilities.

“This gives leadership insights about where there are skills gaps they need to address,” he said.