Small business, big risks: prioritising password protection

A study conducted by Kaspersky at the end of 2023 found that 76% of small businesses around the world and 88% in the Middle East, Turkiye and Africa (META) region experienced at least one cyber incident in the past two years. The consequences of those attacks were severe, and resulted in leaks of confidential data (34% globally, 29% of respondents reported this in META), reputational damage (23%, in META – 20%), loss of customer trust (20%, 9% in META) and more. Around 9% of small companies worldwide and in META even had to suspend certain areas of their business operations. Examining the reasons for these cyber incidents, it’s clear that one of the main causes was the use of weak passwords or failure to perform regular password updates. This reason accounts for almost a quarter (24% globally and 20% in META), second only to downloading malware. To address the global issue, Kaspersky is providing tips below to help strengthen small businesses’ password policies.

Create strong passwords

Despite its importance, this obvious measure is often neglected by employees who must often juggle numerous passwords for the variety of applications they use. Additionally, ensure that passwords are both robust and unique for each corporate service. Weak and reused passwords are easy targets for cybercriminals, who leverage automated tools to crack them and gain unauthorised access to sensitive information. By encouraging employees to use complex combinations of letters, numbers, and special characters, small businesses can mitigate the risk of password-related breaches.

Implement multi-factor authentication

Multi-factor authentication (MFA) adds an extra layer of security by requiring users to provide additional verification beyond just a password. This could include biometric data, one-time passcodes sent to a mobile device, or security questions. While small businesses may perceive MFA as complex or unnecessary, it is a critical security measure that can protect against various cyber threats, such as password theft and unauthorised account access. Enabling MFA significantly reduces the risk of unauthorised access to small businesses’ accounts, even if passwords are compromised.

Regularly update passwords

Regular password updates are essential for maintaining security hygiene and reducing the risk of password-related breaches. Small business owners should encourage employees to change their passwords periodically and enforce password expiration policies to prevent the reuse of old passwords. Furthermore, prompt password updates should be conducted in response to staff changes or when there are suspected security breaches.

Educate employees

Employee awareness is crucial for effective password protection and overall online safety within small businesses. Employees should be educated on the importance of strong passwords, the risks of password sharing, and the potential consequences of falling victim to cyberattacks. By fostering a culture of cybersecurity awareness, small businesses can empower employees to play an active role in protecting sensitive information and mitigating cyber threats.

Secure devices and networks

In addition to securing passwords, small businesses should also take steps to protect their devices and networks with cybersecurity solutions such as Kaspersky Small Office Security. With the increasing prevalence of remote work and cloud-based services, small businesses must ensure that their devices and networks are adequately protected against malware, phishing attacks, and other cyber threats. By installing reputable cybersecurity software, enabling firewalls, and keeping operating systems and software up to date, small businesses can significantly strengthen their defenses.

"Even the smallest businesses face significant cybersecurity risks. Therefore, it’s important for them to prioritise security measures and employ specialised cybersecurity products to safeguard their operations and customer data. For example, our Kaspersky Small Office Security, tailored specifically to the needs of small businesses, offers a hands-off security solution with 'install and forget' protection, and allows for saving companies’ budget, particularly crucial in the early stages of business development. It provides comprehensive protection against malware, phishing, ransomware, weak passwords and much more,” comments Kirill Litvin, Senior Product Marketing Manager at Kaspersky.