Cyber Resolutions for 2026, Part Two: The Full Naughty & Nice List 

As 2025 comes to a close, it’s the perfect time to look back at the cybersecurity habits that shaped the year — and the ones that will set your organization up for success in 2026. 

All month long, we’ve been sharing sneak peeks from our Cyber Naughty & Nice List. Today, we’re releasing the full list, along with a downloadable checklist you can use to review your cybersecurity posture going into the new year. This post shares the full Cyber Naughty & Nice List for 2026, along with a downloadable checklist to help businesses review cybersecurity habits before the new year.

Let’s dive in. 

 

The Cyber Naughty & Nice List for 2026

 

❌ NAUGHTY LIST 

These habits put businesses at risk: 

• Reusing passwords across accounts 

• Storing business passwords in browsers or unsecured notes 

• Delaying important software or system updates 

• Skipping device restarts (yes, it matters!) 

• Using unsupported or outdated line-of-business applications 

• Sharing logins between staff 

• Leaving admin accounts unprotected by MFA 

• Not reviewing who has access to files, apps, or confidential information 

• Relying on local-only backups 

• Working on unsecured public Wi-Fi 

• Ignoring suspicious emails 

• Not testing backups or disaster recovery plans 

• Failing to document security procedures 

• Using personal devices for work without security controls 

 

 

✅ NICE LIST 

These habits strengthen your cybersecurity posture and reduce risk: 

• Using a password manager 

• Enforcing MFA across all key systems 

• Running regular updates and security patches 

• Using company-managed devices with security tools installed 

• Testing backups and verifying restore capabilities 

• Reviewing user permissions and removing old accounts 

• Storing data securely with proper access controls 

• Using encrypted connections (VPN) when working remotely 

• Conducting basic cybersecurity awareness training 

• Implementing a documented incident response plan 

• Keeping line-of-business software supported and up to date 

• Using both local and cloud backups 

• Reviewing vendor access and permissions annually 

• Practicing the principle of least privilege for all users 

 

Use this checklist as a quick year-end audit to see where your organization stands — and what you can improve as you head into 2026. 

Download the full Naughty & Nice Checklist here. 

This checklist builds on the lessons shared in our earlier post on Cyber Resolutions for 2026.

A Strong Start to 2026 

Cybersecurity isn’t about perfection — it’s about progress. 
If your business improves even a few of these habits going into the new year, you’ll already be ahead of most. 

Whether you need help assessing your current posture or putting these resolutions into action, our team is here to support you. 

Here’s to a safe, secure, and successful 2026.