5 Things Every Small Business Needs to Know About Passwords

All businesses are vulnerable to cyber breaches. Whether your company is a startup running from a garage or an independent bookshop, a security breach can be costly - or even the end of your business.

According to research by Cisco, 60% of small businesses fail within six months of a cyber breach. That's a frightening statistic - and demonstrates just how unprepared most small businesses are to the damage a breach can cause. It's time for all businesses large and small to take cyber protection and security awareness training seriously - and the first step is to secure your business's passwords. Here's how. 

1. Never write down passwords

There is absolutely no excuse for writing down passwords. By writing them down, you are handing over the keys to your accounts to whoever has access to the premises - whether an uninvited visitor or disgruntled ex-worker. There are now so many different ways to easily store passwords and share them with co-workers that there’s absolutely no excuse for ever writing down a password. 

2. Make your passwords complex

This is another rule that shouldn’t need to be repeated in 2019, but is unfortunately still forgotten about far too often. Some small business owners may believe that no one is going to take time out of their day to try and access their accounts or that they don’t contain anything that important anyway - but they are sorely mistaken.

Plenty of cyber attackers will target businesses purely for the pleasure of doing harm. Even if attackers have little to gain - which is likely not to be the case - they can still attack the online accounts of small businesses even just to vandalise them and watch the chaos unfold. 

3. Use secure methods of sharing passwords

One of the reasons that small businesses are still writing down passwords is that the number of devices and accounts may be limited by a restricted budget - leading to accounts having to be shared. There are, however, secure methods of sharing accounts and devices that don’t involve writing passwords on paper.

You should have separate user accounts for all employees who use a certain computer or device, allowing each user to have their own password. For shared online accounts, you should share passwords over secure, encrypted channels - such as a confidential email. Having multiple accounts is also essential for privileged user account control - only giving users access to things they need - which stops one breach from giving an attacker access to the entirety of your system. 

4. Use a password manager

Password managers are an essential security tool. They create and store all your passwords for you - allowing you to have stronger passwords than you could ever create or remember yourself. They can also be used for securely sharing passwords - many password manager tools have features to enable password sharing within businesses.

5. Turn on two-factor authentication

Two-factor authentication is one of the best ways to protect your business’s accounts. When you turn it on, anyone logging in will have to provide a secondary method of verification in addition to their password - often a code that is delivered to their phone in a text message. This makes it almost impossible for attackers to access your accounts from another device, even if your password becomes exposed. Not all services offer two-factor authentication yet, but many do - and you should ensure all your employees turn it on.