In the course of my 20-year career, the one thing I’ve seen again and again throughout my career – people have terrible passwords. You know a strong password can help protect your business, but do you really understand the importance of password security?
Yeah, yeah. It's important.... BUT.... you often use the same one again and again.
I get it. You're are in a hurry, you want to create the account and move on.
Others keep the same one for years at a time.
Strong Passwords: Too Important to Ignore
It’s so easy to forget the last time you changed a password. With over 100 passwords, I let a password manager generate unique passwords, and help me remember to update usernames and passwords on a regular basis.
And yet, managing your passwords needs to be a top priority – especially for small businesses. I put it right up there with another non-sexy business essential: security patches. It’s an important component of your overall data security.
Is it a pain? Yes.
Is it essential? Absolutely.
Most small businesses and nonprofits can’t recover quickly from a data breach or a hack. Not to mention informing customers you've exposed their personal information to a hacker.
Businesses usually can’t afford to be down for a few hours, days, or weeks.
Few things are more devastating to a small business than losing its credibility – particularly considering its smaller customer base and limited resources.
Nothing breaks customer trust like having to tell your customers their data was passed along to cybercriminals.
Or, telling your customers that a hacker wiped everything out and they need to provide their information again.
Consequences of Weak Passwords: Data Breaches
Unfortunately, data breaches are here to stay. According to Statista, there were over 1,800 data breaches in 2022, affecting more than 422 million people.
It’s estimated that every day 30,000 websites are hacked which can threaten not only business data but also customer information.
If your credit card company mysteriously sends you a new card or you receive an email from a company urging you to change your password (e.g., Dropbox), chances are your information is among the millions of records released into the public domain – with or without your knowledge.
For a small business, having your website or domain hacked, stolen credentials, malware, or a social media hack with forced follows and spam posts present nightmarish scenarios.
Although technology issues may be cleared up in hours, it could take months to recover lost revenues. Almost 60% of small businesses close after a data breach.
Although there are many steps to comprehensively protecting your confidential and sensitive information, understanding the importance of password security management is a significant and manageable step every organization can take.
Here are a few proactive things you can do to learn the importance of password security & boost your protection:
#1 Create a Strong Password for Every Account
“It takes only 10 minutes to crack a lowercase password that is 6 characters long” Hosting Tribunal.
Make it your goal to frustrate criminals. Password best practices include:
- Unique passwords for every account
- Be a combination of letters (Include upper and lowercase letters), numbers, and a special character (e.g., !, #, ?)
- Be at least 10 characters long (preferably 15 characters)
- Not easy to guess (e.g., passwords shouldn't include your account username, birthday, or address); and
- Change passwords at least every 6 months
- If two-factor or multi-factor authentication is available, set it up
Cybercriminals are looking for the easy mark. A recent survey found 67% of millennials use passwords like “password”, “1234”, or their username or birthday (all big no-no’s).
There are plenty of easy targets out there. Don’t be an easy mark.
Hackers use sophisticated software to crack passwords. If you use the same one for multiple accounts, it’s like leaving your keys on the front porch. Maybe no one will unlock the front door, empty all of your belongings into the back of your car and drive off. … but I’m guessing you don’t leave your keys on the front porch. With passwords, the stakes are higher because your digital front porch is globally accessible.
One of my favorite articles (I can’t believe I just said that out loud) is called How a Password Changed My Life.
It puts a new spin on things. The author created passwords connected to personal goals and mantras that helped him quit smoking and save money for a trip to Thailand. It sounds funny, but some passwords are typed in several times a day and if you’re saying it to yourself as you type it, those goals become your reality. When it’s time to update, you pick a new goal.
Another approach would be if you have a hobby or interest that could generate several unique ideas. For example, a movie buff might know that Samuel L. Jackson has 165 acting credits. Each password could be the name of a film, the year, and a special character. Boom. Done.
Because we all tend to use the same patterns for creating secure passwords, the most secure protection is to use random, long passwords. This is the method I use.
#2 Cybersecurity Tip: Who Can Gain Access to Your Online Accounts?
Unfortunately, your small business data is only as strong as its weakest link.
Who has access to your most important assets including finances, customer data, website(s), etc.? There are several possible vulnerabilities to consider:
- Co-owners
- Employees
- Former employees
- Accountants
- Tax preparers
- Web developers
- Shared web hosting – multiple users logging into the same web server
- Social media managers
- Shared folders/files on Google Drive, Microsoft OneDrive, iCloud, Dropbox, etc.
An attacker can use a phishing attack on anyone who has access and make the password vulnerable.
One of the most important password security best practices is to limit who has access and the amount of access to the bare minimum.
#3 Managing Your Information: Learn the Importance of Password Security
I’m an example of a provider that has access to small business information and accounts. I create websites that require me to have an administrator role for the websites I support. I also manage client webmaster tools and analytics that are connected to a Microsoft or Google account.
Every client should be asking me about my password protection. You should ask your providers too.
I use a password manager to encrypt, store, and create secure passwords for my clients, my business, and my personal accounts. It costs me about $12/year, syncs on all of my devices, and I’ve enabled two-factor authentication, which means I approve or deny each login into this software.
You aren’t fooling anybody if you have your computer password written on a post-it note hidden under your keyboard.
I’ve seen that “trick” dozens of times. If you have your passwords written down on a piece of paper and “hidden” somewhere, it’s easy to lose (and for others to find).
Password managers are secure databases that hold all of the websites, usernames, passwords, and secure notes in an encrypted format on a secure server. Your password “vault” is unlocked with a master password – which is the only password you will need to remember.
A good password manager not only stores your passwords but also creates reports to review the strength of your passwords, and generates random secure passwords. I use LastPass because it works seamlessly with mobile and desktop applications. LastPass offers a free version. The reporting feature helps you review duplicate/weak/old passwords, potentially compromised accounts, and overall strength.
While you learn the importance of password security, I recommend checking out a couple of the top-rated managers (e.g., LastPass, Dashlane, Sticky Password) – look for ease of use and whether it includes the features you need (e.g., sharing, mobile integration, desktop applications, password strength reports, management for businesses with employees, service providers, etc.). Go with an established, well-respected provider that does not store your master password – you should be the only person with access to it.
Final Thoughts
I wish I could say there aren’t any bad guys out there that want to steal your information. I hope this post helps you to take action. Ask questions, take control of who has access to your information, and find a method to manage your passwords.
It’s your information – protect it.
Ready for ongoing support?
Join us in the Strategic Marketing Membership where we offer events, coaching, and accountability.
