In today's interconnected world, small businesses are increasingly becoming targets for cyberattacks. With limited resources and expertise, these businesses often struggle to defend themselves against sophisticated threats. However, by implementing robust password protection measures, small businesses can significantly enhance their security posture and safeguard their sensitive data. For World Password Day, Kaspersky is unveiling simple but crucial cybersecurity measures for password protection in a small business environment.
A study conducted by Kaspersky in the end of 2023 found that 84% of British small businesses experienced at least one cyber incident in the past two years. The consequences of those attacks were severe, and resulted in leaks of confidential data (39%), reputational damage (32%), loss of customer trust (25%) and more. Around 14% of small companies even had to suspend certain areas of their business operations. Examining the reasons for these cyber incidents, it’s clear that one of the main causes was the use of weak passwords or failure to perform regular password updates. This reason accounts for almost a quarter (24%), second only to downloading malware. To address the global issue, Kaspersky is providing tips below to help strengthen small businesses’ password policies.
Strengthening passwords
Despite its importance, 22% of UK SMEs respondents admitted to using weak passwords or failing to change them regularly. Additionally, ensure that passwords both robust and unique for each corporate service. Weak and reused passwords are easy targets for cybercriminals, who leverage automated tools to crack them and gain unauthorized access to sensitive information. By encouraging employees to use complex combinations of letters, numbers, and special characters, small businesses can mitigate the risk of password-related breaches.
Implement multi-factor authentication
Multi-factor authentication (MFA) adds an extra layer of security by requiring users to provide additional verification beyond just a password. This could include biometric data, one-time passcodes sent to a mobile device, or security questions. While small businesses may perceive MFA as complex or unnecessary, it is a critical security measure that can protect against various cyber threats, such as password theft and unauthorized account access. Enabling MFA significantly reduces the risk of unauthorized access to small businesses’ accounts, even if passwords are compromised.
Educate employees
Employee awareness is crucial for effective password protection and overall online safety within small businesses. Employees should be educated on the importance of strong passwords, the risks of password sharing, and the potential consequences of falling victim to cyberattacks. By fostering a culture of cybersecurity awareness, small businesses can empower employees to play an active role in protecting sensitive information and mitigating cyber threats.
Secure devices and networks
In addition to securing passwords, small businesses should also take steps to protect their devices and networks with cybersecurity solutions. With the increasing prevalence of remote work and cloud-based services, small businesses must ensure that their devices and networks are adequately protected against malware, phishing attacks, and other cyber threats. By installing reputable cybersecurity software, enabling firewalls, and keeping operating systems and software up to date, small businesses can significantly strengthen their defenses.
"The findings from this recent study highlight a critical gap in
cybersecurity protocols among small businesses, especially concerning password
security. Nearly a quarter of cyber incidents were linked to the use of weak or
infrequently updated passwords, pointing to a preventable entry point that
cybercriminals exploit to cause significant damage”, stated David Emm,
Principal Security Researcher, Global Research and Analysis Team at Kaspersky.
“On World Password Day, we recognise that while strong passwords are a
fundamental method to authenticate access to services, it's crucial not to
overlook the other dimensions of security. Employing multi-factor authentication
(MFA) that combines knowledge like a password, possession like a token, and
inherent traits like biometrics, ensures that only those who are authorised can
access sensitive data. This comprehensive approach transcends traditional
methods and fortifies security in our increasingly digital world."