A Simple Guide to Password Security for Small Businesses

Accenture recently interviewed 2,647 senior leaders from 355 companies, across 11 countries and 16 industries, to examine the economic impact of cyber attacks. According to the study’s results, the United States tops the list of countries when it comes to an average annual cost of cybercrime, increasing 29% in 2018 to reach a whopping $27.4 million.

Humans are often the root cause of successful cyber attacks—whether by accident or intent—and a staggering 81% of company data breaches are due to poor passwords.

Fortunately, by taking some simple but effective password precautions, businesses can help to prevent the havoc and damage data breaches can cause. Small Business Trends suggests the following 14 password best practices to outwit hackers:

1. Make sure you create strong passwords

Creating strong passwords makes it significantly harder for hackers to break into your system. To generate strong passwords, make sure they are over 8 characters in length and incorporate a combination of letters, numbers, and symbols. You might also consider using letters in both uppercase and lowercase.

Some good examples of strong passwords include jelly22Fi$h and $m3llyCat.

2. Don’t bunch numbers and symbols together

A frequently overlooked password practice is spreading the numbers and symbols throughout the password instead of clumping them together. Bunching them up makes the password easier to hack.

3. Avoid the obvious

Passwords such as 12345 or password1 contain obvious patterns that make it easy for hackers to crack. Instead, try to create unique passwords that don’t use personal information (like your date of birth or child’s name).

4. Use two-factor authentication

Two-factor authentication is a highly effective safety precaution that requires you to enter a PIN sent to you via email, text message or an app. This practice protects against stolen passwords and helps to keep outsiders from accessing your systems and accounts.

5. Conduct password tests

Use an online testing tool like the one at Microsoft’s Safety & Security Center to test the strength of your password or generate other passwords that are less likely to be hacked.

6. Don’t use dictionary words

Experienced hackers have systems that search tens of thousands of dictionary words. To avoid being the victim of a dictionary attack program, opt for random passwords instead.

7. Avoid making passwords too long

While it might seem like a good idea to create an overly long password that hackers couldn’t possibly figure out, passwords that go beyond ten characters can be very difficult to remember, let alone enter into your computer. Passwords that are 8–10 characters long are considered the optimum length for safety.

8. Don’t use the same password for different systems/accounts

Yes, it’s tempting to use the same password for every system and/or account your business has. However convenient that may be, using the same password for multiple accounts makes it easier for hackers to break into multiple accounts. Instead, make sure you diversify passwords and create a unique one for each account.

9. Use a password manager

Many businesses and professionals are using password managers, which allow them to practice high levels of security and maintain their sanity. That’s because password managers store your login information for all the accounts you use and help you log into them automatically. They also encrypt your password database with a master password, the only one you actually have to remember.

10. Make sure you secure your mobile

Mobile phones are being used more than ever to conduct business, shop and more, which means they’re also becoming a major safety concern. To protect your phone and other mobile devices from hackers, secure them with a strong password. Even better, use fingerprint or facial recognition passwords to help thwart hacking attempts.

11. Periodically change passwords

Much like using the same password for multiple accounts, it can also be tempting to use the same old passwords for years. Periodically changing passwords, however, is a good way to outwit hackers that might be targeting your business.

12. Don’t forget to change passwords when employees leave

Unfortunately, former employees who are disgruntled can become your business’s worst enemies, especially when they still have access to your accounts. To prevent angry former employees from hacking into your business accounts and wreaking havoc, change passwords whenever an employee leaves the company.

13. Stay offline as much as possible

Avoid having company security information plastered across the internet—making it easy for hackers to steal—by signing out of accounts when you’re not using them. Also, remove any application permissions when you have finished with them.

14. Don’t Store Passwords

Avoid storing passwords either digitally or on paper. Doing so makes it easier for people with malicious motives to steal your information.
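
Tips 1, 2, 3 and 6 above can be checked automatically when a password is set. The Python sketch below is an added example, not code from Small Business Trends or the original article; the tiny word list, the sequence strings and the reading of "bunched" as all digits and symbols sitting in one contiguous clump are assumptions made for illustration.

```python
import string

# Constructed mini word list for the demo; a real deployment would load a
# large dictionary or breached-password list (assumption, not from the article).
COMMON_WORDS = {"password", "welcome", "sunshine", "dragon", "qwerty", "letmein"}
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop")


def _is_sequence(pw):
    """True if pw is a run from an obvious sequence, e.g. '12345' (tip 3)."""
    s = pw.lower()
    return len(s) >= 4 and any(s in seq or s in seq[::-1] for seq in SEQUENCES)


def _bunched(pw):
    """True if every digit/symbol sits in one contiguous clump (tip 2)."""
    idx = [i for i, c in enumerate(pw) if not c.isalpha()]
    return len(idx) >= 2 and idx[-1] - idx[0] + 1 == len(idx)


def check_password(pw):
    """Return the tips the password violates; an empty list means it passes."""
    problems = []
    if len(pw) <= 8:
        problems.append("tip 1: must be over 8 characters")
    classes = {
        "lowercase letter": any(c.islower() for c in pw),
        "uppercase letter": any(c.isupper() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    problems += [f"tip 1: no {name}" for name, ok in classes.items() if not ok]
    if _bunched(pw):
        problems.append("tip 2: numbers and symbols are bunched together")
    if _is_sequence(pw):
        problems.append("tip 3: obvious sequence")
    # Strip digits/symbols from both ends so 'password1' still matches 'password'.
    core = pw.strip(string.digits + string.punctuation).lower()
    if core in COMMON_WORDS:
        problems.append("tip 6: dictionary word with decoration")
    return problems


if __name__ == "__main__":
    # Candidates: the article's weak and strong examples plus one constructed case.
    for candidate in ["12345", "password1", "Sunshine12!", "jelly22Fi$h", "$m3llyCat"]:
        print(f"{candidate!r}: {check_password(candidate) or 'passes'}")
```

Both of the article's strong examples pass, while `Sunshine12!` meets every character-class rule in tip 1 yet still fails tips 2 and 6.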


According to Secure Data Recovery, “The most common way that hackers break into computers is by guessing passwords.”

“Simple and commonly used passwords enable intruders to easily gain access and control of a computing device. Conversely, a password that is difficult to guess makes it prohibitively difficult for common hackers to break into a machine and will force them to look for another target. The more difficult the password, the lower the likelihood that one’s computer will fall victim to an unwanted intrusion.”

~ Secure Data Recovery

Of course, if a hacker’s spy program is monitoring what you enter on your keyboard, your passwords won’t be safe. That’s why Small Business Trends advises that you “make life as difficult as possible for cybercriminals by using an up-to-date virus scanner and making regular updates to your devices.”


Sherene Funk is the author of the contemporary romance Autumn in Your Arms and two small business e-books. She is a voracious reader who owns more books than she can ever read in this lifetime. A graduate of Brigham Young University, she worked in advertising for many years before moving to her current writing position at Rain Retail Software. She researches non-stop to see what successful retailers do and loves to share what she learns with small business owners.