A weak password is like a cheap lock; it’s easy to break, and once the door is open, cyber-criminals can take just about anything. Weak passwords are not just the realm of casual Internet users; they are also an issue that is worryingly common in business, especially in small companies where passwords are regularly shared between colleagues.
According to a recent Verizon Business Data Breach Investigations Report, 97% of data breaches are due to the use of outdated software versions, non-hardened configurations and weak passwords, while other estimates showed that two out of three data breaches involve poor passwords.
Case in point: Small business security is only as good as the passwords protecting the computers and online accounts that employees use. Fortunately, you don't need to set up a complicated security policy; even some simple actions can heighten your security and keep cyber-criminals from breaching your fortifications.
Weak Passwords are a Big Security Threat
A big security threat facing small businesses is poor password hygiene—a risk your business should not ignore. The use of password managers can make this easier to deal with, allowing employees to use random passwords, without the need to remember them.
Mac users can also turn on FileVault, which encrypts all the files on a MacBook Pro or MacBook Air, and the password used for this needs to be able to withstand attacks. If an employee’s laptop is lost or stolen, it may contain valuable files and information, and unbreakable password protection can help ensure that no one can access that data.
In addition, many businesses leave the default user name and password on their routers, network attached storage devices, and other hardware, because it’s easier to deal with. But any hacker knows that the default user name and password on most routers is “admin” and "1234"; if yours is different, don’t worry, anyone can Google the model and find the defaults. Using a default password is a perfect example of poor password hygiene, and quite honestly, if you're guilty of doing this, it is a terrible habit you should change (as well as your passwords) immediately.
Small business owners need to be vigilant of security threats made possible by weak passwords; develop a solid password policy for your employees, and enforce it, requiring everyone to change their passwords regularly. If you must, put this on a sticky note so you don't forget: Passwords are the keys to your computers and your valuable data.
Don't be the Easiest Target
If you run a small business, you may be an especially easy target for hackers and cyber-criminals. The pickings may be slimmer than with a multinational corporation, but bigger companies are better protected. Your company may not have the resources to maintain a dedicated IT team, and no one person may be responsible for securing your network, implementing password policies, ensuring data protection, and, above all, analyzing attacks when they occur to unsure they don't happen again.
Do what you can even if resources are limited, as you're simply aiming to make your valuable data harder to get at than average. Think of it like the analogy of not having to outrun a bear to avoid getting eaten: you don't have to be fastest, you just have to run faster than the slowest guy. Don't be the easiest target, and you've made great progress.
If you manage the security of your company, we encourage you to download our SMB security white paper, where we look at the main cyber-security threats small businesses face, and give you some tips for shoring up your defenses.
Cyber-security is essential for businesses of all sizes, whether you’re a Fortune 500 company or a small business. With more business activities taking place on computers, over networks and in the cloud, businesses can no longer ignore the threats they face.