Open sesame: are your passwords as secure as they could be?


Cyber incidents are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer.

No company is too small when it comes to cyber-attacks. Cybercrime against small to medium-sized businesses (SMEs) is becoming more frequent and costly, as hackers see them as an easy target due to their lack of resources and security knowledge. A new report from cloud security company Barracuda revealed small businesses are three times more likely to be targeted by cybercriminals than larger companies.

The pandemic led to a rapid transformation in our working habits as most of the world became more dependent on the internet. This shift to remote and hybrid working exposed gaps in online security and left the door further open to cybercrime. During the pandemic, the rate of cybercrime increased by 600% and there is no sign of it slowing down. The cost of cybercrime is on the rise and is expected to reach £10.5 trillion worldwide by 2025, according to Cybersecurity Ventures.

The consequences of not managing cyber security in your business can range from minor disruption to major financial loss. The damage to your reputation alone may be irreparable.

When it comes to protecting your business from cyber incidents, in particular your passwords, what can you do to increase security?

Password protection

Weak passwords have been identified as one of the top 10 vulnerabilities by techUK and the Cyber Crime Reduction Partnership. Cybercriminals can crack weak passwords easily using automated tools and quickly gain access to important confidential information.

Our 2021 Cyber Security Report took an in-depth look at cyber awareness among SMEs to identify gaps where improvements could be made to their defence against cyber-attacks. When it came to password protection, 28.6% of our survey participants reported not having a password policy in place and 5.7% were unsure whether they had one in place or not. Given the risks connected with weak passwords, how can you become more password savvy?

Make your passwords stronger

According to Verizon’s 2021 Data Breach Investigations Report, 85% of breaches involved the human element. This includes stolen or insecure credentials, misuse, and human error.

Why break in when you can log in? A common data breach involves cybercriminals targeting a user’s credentials to take advantage of employees recycling passwords across work and personal accounts. This can give cybercriminals a shortcut into your company.

Staff awareness

This raises the question: are your employees aware of the risks of potential cyber threats and the role they play in preventing them? Your people are part of your protection. Educating and training your employees to spot the signs and respond appropriately is crucial to your cyber security. Making sure best practices are being followed is key to reducing the threat of sensitive data being easily accessible and falling into the wrong hands.

Solid passwords

Passwords are your first line of defence. Taking steps to enforce unique and complex passwords in your organisation can improve security and make your business less vulnerable to cyber-attacks. Three steps to stronger passwords:

  1. Make your passwords as long as possible – the longer the password the longer it will take to crack
  2. Make your passwords random – use a mixture of characters with lowercase, uppercase, numbers and special characters
  3. Make your passwords unique – use different passwords on different accounts; this will reduce vulnerability in the event of a hack
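The three steps above can be checked mechanically. The following is an added example, not part of the original article: it audits a set of stored credentials for length, character mix and reuse, and generates a compliant random password. The function names, the 14-character threshold and the sample accounts are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import Counter

# Character classes named in step 2 of the list above.
CLASSES = {"lowercase": string.ascii_lowercase, "uppercase": string.ascii_uppercase,
           "numbers": string.digits, "special": string.punctuation}
MIN_LENGTH = 14  # assumed policy threshold, not a figure from the article


def missing_classes(password):
    """Names of the character classes the password does not use."""
    return [n for n, chars in CLASSES.items() if not set(password) & set(chars)]


def search_space_bits(length, alphabet_size=94):
    """Bits of brute-force work for a *randomly chosen* password: length * log2(alphabet).
    Human-chosen passwords fall far below this bound."""
    return length * math.log2(alphabet_size)


def generate_password(length=20):
    """Draw from a CSPRNG until all four classes are present."""
    pool = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        if not missing_classes(candidate):
            return candidate


def audit(accounts):
    """Map each account to its findings against the three steps (long, mixed, unique)."""
    uses = Counter(accounts.values())
    findings = {}
    for account, password in accounts.items():
        issues = []
        if len(password) < MIN_LENGTH:
            issues.append(f"shorter than {MIN_LENGTH} characters")
        if missing_classes(password):
            issues.append("missing " + ", ".join(missing_classes(password)))
        if uses[password] > 1:
            issues.append(f"reused across {uses[password]} accounts")
        findings[account] = issues
    return findings


# Constructed sample accounts, for illustration only.
SAMPLE = {"email": "Summer2022!", "payroll": "Summer2022!", "vpn": generate_password()}
```

Note that "Summer2022!" uses all four character classes yet still fails on length and reuse, and its predictable pattern means the search-space figure overstates its real strength.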

Multi-factor authentication

Two-factor authentication is an easy and effective method to help deter hacking attempts. Yet, when surveyed in our Cyber Security Report, just 55.1% of our respondents said they use two-factor authentication for accessing key information.

Two-factor authentication involves adding a second step to the log-in process. It’s a simple way to verify that your users are who they say they are. These factors can include something a user knows like a username or password plus something they have on them like a smartphone app to approve authentication requests. Adding this extra layer of protection makes it harder for hackers to cheat the system.

Are you protected?

Security breaches can devastate businesses. With most breaches caused by weak, stolen, or reused passwords, the need for stronger passwords to prevent attacks is essential. No matter how big or small your business, it could be time for you to review and enhance your cyber security measures. If you’re still not convinced, the latest UK government survey found that in the last 12 months, 39% of UK businesses identified a cyber-attack. Within this, 31% of businesses estimate they were attacked at least once a week.

Having the right processes in place is key for ensuring your business can detect and deal with cyber threats effectively. Don’t help a hacker with weak passwords.


If you’re thinking about additional measures to increase your cyber resilience, why not take a look at ISO 27001 – the leading international Standard for information security management.

About the author

  • Name:

    Susannah Peck

  • Company:

    Digital Marketing Executive
