Small business, big risks: prioritizing password protection

A study conducted by Kaspersky in the end of 2023 found that 84% of British small businesses experienced at least one cyber incident in the past two years. The consequences of those attacks were severe, and resulted in leaks of confidential data (39%), reputational damage (32%), loss of customer trust (25%) and more. Around 14% of small companies even had to suspend certain areas of their business operations. Examining the reasons for these cyber incidents, it’s clear that one of the main causes was the use of weak passwords or failure to perform regular password updates. This reason accounts for almost a quarter (24%), second only to downloading malware. To address the global issue, Kaspersky is providing tips below to help strengthen small businesses’ password policies.

Strengthening passwords

Despite its importance, 22% of UK SMEs respondents admitted to using weak passwords or failing to change them regularly. Additionally, ensure that passwords both robust and unique for each corporate service. Weak and reused passwords are easy targets for cybercriminals, who leverage automated tools to crack them and gain unauthorized access to sensitive information. By encouraging employees to use complex combinations of letters, numbers, and special characters, small businesses can mitigate the risk of password-related breaches.

Implement multi-factor authentication

Multi-factor authentication (MFA) adds an extra layer of security by requiring users to provide additional verification beyond just a password. This could include biometric data, one-time passcodes sent to a mobile device, or security questions. While small businesses may perceive MFA as complex or unnecessary, it is a critical security measure that can protect against various cyber threats, such as password theft and unauthorized account access. Enabling MFA significantly reduces the risk of unauthorized access to small businesses’ accounts, even if passwords are compromised.

Educate employees

Employee awareness is crucial for effective password protection and overall online safety within small businesses. Employees should be educated on the importance of strong passwords, the risks of password sharing, and the potential consequences of falling victim to cyberattacks. By fostering a culture of cybersecurity awareness, small businesses can empower employees to play an active role in protecting sensitive information and mitigating cyber threats.

Secure devices and networks

In addition to securing passwords, small businesses should also take steps to protect their devices and networks with cybersecurity solutions. With the increasing prevalence of remote work and cloud-based services, small businesses must ensure that their devices and networks are adequately protected against malware, phishing attacks, and other cyber threats. By installing reputable cybersecurity software, enabling firewalls, and keeping operating systems and software up to date, small businesses can significantly strengthen their defenses.

"The findings from this recent study highlight a critical gap in cybersecurity protocols among small businesses, especially concerning password security. Nearly a quarter of cyber incidents were linked to the use of weak or infrequently updated passwords, pointing to a preventable entry point that cybercriminals exploit to cause significant damage”, stated David Emm, Principal Security Researcher, Global Research and Analysis Team at Kaspersky. “On World Password Day, we recognise that while strong passwords are a fundamental method to authenticate access to services, it's crucial not to overlook the other dimensions of security. Employing multi-factor authentication (MFA) that combines knowledge like a password, possession like a token, and inherent traits like biometrics, ensures that only those who are authorised can access sensitive data. This comprehensive approach transcends traditional methods and fortifies security in our increasingly digital world."