
Executive summary
- As 2026 dawns, we’ve compiled a list of technology-related New Year resolutions that you may actually stand a chance of keeping.
- Organisations need to stop treating AI like a shiny new toy and implement a formal Acceptable Use Policy to protect their company data.
- Applying the principle of “least privilege” by auditing file permissions will reduce the risk of ransomware spreading through your network.
Introduction
It might feel like January 43rd, but – believe it or not – January is almost over.
By now, the shiny new gym kit is likely gathering dust in the corner, and that ambitious promise to learn conversational French has been replaced by doom-scrolling through the news.
But, if we’re honest with ourselves, most New Year’s resolutions are made to be broken anyway. When it comes to your business technology, though, the stakes are a little higher than skipping leg day.
As we settle into 2026, we’re operating in a world where the threats are getting smarter and the software is getting more powerful. The old habits we’ve clung to for decades are starting to hold us back.
So, here are the three tech resolutions you should be making this year.
Resolution #1: Stop changing your passwords
For years, IT departments (us included) told you that good security meant changing your password every 60 or 90 days. It felt like the responsible thing to do.
But the advice has changed.
The National Cyber Security Centre (NCSC) now explicitly advises organisations not to force regular password expiry. This might sound counter-intuitive, but there’s a very human reason behind it.
When you force someone to change their password four times a year, they don’t tend to choose a secure, random string of characters. Instead, they choose a pattern. They’ll pick something like “Spring2025”, and when the prompt comes back in June, they’ll change it to “Summer2025”. When autumn rolls around, they rinse and repeat.
Unfortunately, criminals know this too.
For 2026, we recommend that you implement a policy that encourages long, memorable phrases. Three random words are usually a good choice, because they’re long enough to beat a brute-force attack but also weird enough to remember. And, most importantly, you should only force a reset if you actually suspect a breach.
Combine this with Multi-Factor Authentication (MFA) and you’ve got a system that’s far more secure than the old revolving door method. Your staff will be less frustrated, and you’ll be less vulnerable to pattern-guessing attacks. Win-win.
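A sketch of how a password-change form could catch the rotation habit described above. This is an added example, not code from this article or from the NCSC; the word list, the 15-character floor and the function names are assumptions chosen for illustration.

```python
import re
from typing import Optional

# Assumed word list: calendar terms people reach for under forced rotation.
CALENDAR_WORDS = (
    "spring", "summer", "autumn", "fall", "winter",
    "january", "february", "march", "april", "may", "june", "july",
    "august", "september", "october", "november", "december",
)
MIN_LENGTH = 15  # assumed floor for a three-word phrase; not a figure from the article


def skeleton(password: str) -> str:
    """Reduce a password to its shape: calendar words -> <cal>, digit runs -> <n>."""
    lowered = password.lower()
    lowered = re.sub("|".join(CALENDAR_WORDS), "<cal>", lowered)
    return re.sub(r"\d+", "<n>", lowered)


def screen_password(new: str, previous: Optional[str] = None) -> list:
    """Return the reasons a proposed password should be rejected (empty = accept)."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    shape = skeleton(new)
    # Nothing left but calendar words, numbers and punctuation: "Summer2025!".
    leftover = shape.replace("<cal>", "").replace("<n>", "")
    if "<cal>" in shape and not re.search(r"[a-z]", leftover):
        problems.append("calendar pattern")
    # Same shape as the old password: only the season or the number moved on.
    if previous is not None and shape == skeleton(previous):
        problems.append("same shape as previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for new, old in [("Summer2025", "Spring2025"), ("Password7", "Password6"),
                     ("lantern-pickle-orbit", "Summer2025")]:
        print(new, "->", screen_password(new, old) or "ok")
```

The comparison with the previous password only works at change time, when the user has just typed the old one; stored passwords should remain hashed and unreadable.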
Resolution #2: Give your AI some rules
If 2025 was the year Microsoft Copilot grew up and became a serious business tool, 2026 needs to be the year we all start treating it like one.
We’ve moved past the phase where everyone was just impressed that a computer could write a poem or summarise a long email. Now, your staff are likely using AI agents to handle complex workflows. They might be using it to analyse financial reports, draft sensitive client proposals, or debug code.
But are they doing it safely?
If you don’t have a formal AI Acceptable Use Policy (AUP) in place yet, it’s time to get moving. You need to define exactly what data can be put into an AI and what can’t. The risk here is that staff might inadvertently feed confidential information into a public model that uses that data for training.
We also need to think about the output.
As we discussed last year in our post about prompt injection attacks, AI can be tricked – and surprisingly easily. If your team blindly trusts everything the AI produces without verifying it, you’re opening the door to errors and security gaps.
We’d encourage you to sit down this month and draft a clear set of guidelines. Tell your team which tools are approved and which are banned, then explain the difference between public and private data. It doesn’t have to be incredibly long, but it does have to be clear.
Resolution #3: The great digital spring clean
Over time, all organisations accumulate digital clutter.
We create a temporary folder for a project and give everyone access to speed things up. Then we hire a freelancer, give them a login, and forget to disable it when they leave. Or maybe we migrate to the cloud but leave the old data sitting on an old server just in case.
This clutter is messy, no doubt, but it’s also dangerous.
And the more people who have access to a file, the higher the risk. If a hacker manages to compromise a junior staff member’s account, they shouldn’t be able to open the folder containing the CEO’s payroll data. But in many businesses, they can.
Limiting access in this way is often called the principle of “least privilege”. It means ensuring that staff only have access to the files they actually need to do their jobs. Nothing more, and nothing less.
You can make 2026 the year you finally tackle this by breaking it down into three steps:
- Audit your user list. Remove the leavers and disable the dormant accounts that haven’t logged in for six months.
- Review your shared folders. Does the entire sales team really need edit access to the finance drive? Probably not.
- Archive the old stuff. If you haven’t opened a project folder since 2022, move it to cold storage so it’s not sitting on your live network.
It might take a bit of time to audit, but it closes the door on a massive amount of risk. Plus, it makes finding the right file a lot easier for your team, which is a nice productivity bonus.
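The three steps above, run over a small inventory. This is an added example rather than a tool from this article: the user and folder records are constructed, and the field names, the 183-day approximation of six months and the "edit rights outside the owning department" rule are assumptions.

```python
from datetime import date, timedelta

DORMANT_AFTER = timedelta(days=183)  # "six months", approximated in days
ARCHIVE_BEFORE = date(2023, 1, 1)    # last opened in 2022 or earlier

# Constructed inventory; a real run would load exports from your directory
# and file platform.
USERS = [
    {"name": "a.patel", "dept": "finance", "status": "active", "last_login": date(2026, 1, 20)},
    {"name": "j.freelance", "dept": "sales", "status": "left", "last_login": date(2025, 3, 2)},
    {"name": "m.jones", "dept": "sales", "status": "active", "last_login": date(2025, 5, 11)},
    {"name": "s.okoro", "dept": "sales", "status": "active", "last_login": date(2026, 1, 22)},
]
FOLDERS = [
    {"path": "Finance/Payroll", "owner_dept": "finance", "last_opened": date(2026, 1, 15),
     "access": {"a.patel": "edit", "s.okoro": "edit", "m.jones": "read",
                "old.contractor": "edit"}},  # no matching user record
    {"path": "Projects/Rebrand-2021", "owner_dept": "sales", "last_opened": date(2022, 6, 30),
     "access": {"s.okoro": "edit"}},
]


def audit_users(users, today):
    """Step 1: leavers to remove, dormant active accounts to disable."""
    remove = [u["name"] for u in users if u["status"] == "left"]
    disable = [u["name"] for u in users
               if u["status"] == "active" and today - u["last_login"] > DORMANT_AFTER]
    return remove, disable


def audit_folders(users, folders):
    """Steps 2 and 3: edit rights held outside the owning team, folders to archive."""
    dept = {u["name"]: u["dept"] for u in users if u["status"] == "active"}
    excess = [(f["path"], who) for f in folders for who, level in f["access"].items()
              if level == "edit" and dept.get(who) != f["owner_dept"]]
    archive = [f["path"] for f in folders if f["last_opened"] < ARCHIVE_BEFORE]
    return excess, archive


if __name__ == "__main__":
    today = date(2026, 1, 28)  # constructed audit date
    print("remove, disable:", audit_users(USERS, today))
    print("excess edit, archive:", audit_folders(USERS, FOLDERS))
```

Permission entries for names with no active user record, such as a departed contractor, are flagged alongside cross-department edit rights, because an orphaned grant is access nobody is accountable for.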
Let us help you stick to your resolutions
The best thing about these resolutions is that you don’t have to do them alone.
Unlike that marathon you promised to run, these are changes that we can help you implement. Whether you need help configuring your password policies to match the latest NCSC guidance, or you want to stress-test your file permissions before the spring rush hits, we’re here to help you get it sorted.
It’s going to be a busy year, so don’t let bad habits from 2025 slow you down.
If you want to make sure your business is ready for whatever 2026 throws at us, speak to your Get Support Customer Success Manager or call our friendly team on 01865 594 000.