Security managers end of year plan: What to do before 2025 begins
As the 2024 calendar begins to run out, now is the perfect time for security managers to break out their end-of-year plan. Taking time before the holiday break to assess, analyze, and plan for the coming year will guarantee a smooth transition come the New Year.
What should be included in your end-of-year wrap-up? In today’s blog, we’ll be sharing the seven things that every Security Manager should do before shutting off their computer for the last time in 2024.
Reflection 2024
Before diving into 2025, it’s important to review the past year. Sit down with your security team and reflect on what worked well and where you faced the most challenges. By reflecting on 2024’s successes and setbacks, you can note what you want to continue to do in the New Year and what you’ll need to focus on changing. Consider analyzing:
- What security awareness training saw good results? What didn’t?
- Did you face any incidents in 2024? What went well? What went wrong?
- Did you implement any new policies in 2024? Did they work? Why or why not?
- Did you make any changes to your security strategy in 2024? How did they affect your team’s security?
Write down your answers and highlight the things you want to keep, remove, and improve.
Identify high-risk areas and trends for 2025
Cyber threats are evolving rapidly. What threat you focused on this year, might completely change in the next year. Before clocking out for the holiday break, ensure you research all the upcoming cybersecurity threat trends in 2025. Consider how these could impact your business and make an outline for how you’ll shift your strategy to fight against your biggest threats.
Some considerations:
- AI and deepfake attacks
- Increased social engineering believability due to AI
- Geopolitical tensions
- Double extortion tactics
Prepare a year-end report
Most executives require a year-end report from all teams, but even if yours doesn’t, it can be a great tool to get the funding and support you need for 2025.
Gather your numbers for 2024, including annual incidents, training completed, and threats reported. Compare these numbers to previous years to see how your security awareness training and other efforts have helped your security improve. Not only will this give you intel on the impact of your strategies, but you can share the report with your board.
Use these numbers to gain executive support by showing them the real impact training can have on the business. Use the end of this report as another opportunity to nail down funding and executive support for the new year.
Create your outline for 2025
Leaving all the 2025 planning for your future self can seem tempting, but you’ll thank yourself for creating a rough outline now. Using the information you gained from your reflection with your team, the numbers in your report, and the feedback from your executives, create a rough plan for the next year.
Consider a year-long theme for your security approach. What do you want to focus on most? Then, break it down by month, with a monthly theme to help you reach your annual goal. Here’s an example:
Goal of the year: Improve security culture and compliance
- Jan: Thinking About Security. What does everyone think of security?
- Feb: Security Starts with You. The individual impact on security.
- March: Security Starts with Us. The team’s impact on security.
- April: Making Security Easy. How can we make security easier?
- May: Casual Security Conversations. How can we make security casual?
- June: The Biggest Security Stories. Driving interest in security.
- July: Brand Reputation. The effects of these incidents can be severe for the company.
- August: Building Secure Habits. Making learnings applicable.
- Sept: Bringing Security Home. How security can affect you at home.
- Oct: The Security Awareness Olympics. Making security competitive & fun.
- Nov: Generational Security. Share your knowledge.
- Dec: Thinking about security 2. What does everyone think of security now?
Do a final system update and data backup check
While everyone is tying up loose ends before the end of the year, ask them to do final updates and data backups. Schedule a time in the team’s calendar for a mass system update and data backup. Think about it like the last day before the holiday break, when the teacher would give everyone 10 minutes to clean out their desks or lockers.
Also, give yourself time to do a final system update and mega-data backup for the organization. With so much going on, sometimes simple things can slip through the cracks. Ensure these get done before the end of the year so you are going into the New Year with a ready-to-work network.
Give your thanks
Showing gratitude can make a big impact. Take a moment to acknowledge everyone who contributed to your program’s success over the past year. Even a simple Slack message to thank employees for their participation can mean more than you realize. If your budget permits, consider giving a small gift or gift card to those who consistently excel in training or show enthusiasm for your initiatives.
If you have security champions within your organization, gather them for a final meeting before the year wraps up. Use this opportunity to express your appreciation for their dedication. If feasible, provide a token of gratitude, such as a gift or card. Recognizing their contributions will not only make them feel valued but also encourage their continued support in 2024.
Finally, don’t forget to appreciate your own team and yourself. Security awareness professionals have had a challenging yet rewarding year. Celebrate the hard work by organizing a team gathering or handing out small gifts to boost morale. You’ve all earned it!
The end of the year is more than a time to wrap up loose ends—it’s a critical opportunity to build a stronger foundation for the future. By reflecting on 2024 and preparing strategically for 2025, your organization can stay ahead of the ever-changing cyber threat landscape. Use this checklist to ensure you close out the year with confidence and set the stage for continued success.