{"id":2564,"date":"2025-07-22T06:36:46","date_gmt":"2025-07-22T05:36:46","guid":{"rendered":"https:\/\/www.forestsoftware.co.uk\/blog\/?p=2564"},"modified":"2025-07-21T15:04:07","modified_gmt":"2025-07-21T14:04:07","slug":"why-your-small-business-needs-strong-passwords-and-trusted-access","status":"publish","type":"post","link":"https:\/\/www.forestsoftware.co.uk\/blog\/2025\/07\/why-your-small-business-needs-strong-passwords-and-trusted-access\/","title":{"rendered":"Why Your Small Business Needs Strong Passwords and Trusted Access"},"content":{"rendered":"<h1>Why Your Small Business Needs Strong Passwords and Trusted Access<\/h1>\n<p>I was reading this BBC article https:\/\/www.bbc.co.uk\/news\/articles\/cx2gx28815wo about how one password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work and thought that I&#8217;d write this article to discuss strong passwords and the need for trusted access to your systems.<\/p>\n<p>Running a small business is tough enough without worrying about hackers, scammers, or dodgy ex-employees messing things up. But sadly, the reality is that cyber threats are everywhere. One dodgy password or a bit of careless access can bring your whole business to a halt. 
Sounds dramatic, but it\u2019s true.<\/p>\n<p>In this post, we\u2019re talking about two super important things every small business owner should take seriously: using proper, strong passwords (none of this \u2018123456\u2019 rubbish) and making sure you only give access to systems and info to people you actually trust.<\/p>\n<p><!--more--><\/p>\n<h2>Why Passwords Still Matter (A Lot!)<\/h2>\n<p>We\u2019ve all heard it before: \u201cUse strong passwords.\u201d But let\u2019s be honest \u2013 how many of us still use the same old password we made up ten years ago because we can\u2019t be bothered to change it?\u00a0 After all, there are reports that the average person has 168 personal passwords and maybe another 90ish that are work related ( <a href=\"https:\/\/nordpass.com\/blog\/how-many-passwords-does-average-person-have\/\">https:\/\/nordpass.com\/blog\/how-many-passwords-does-average-person-have\/<\/a> )<\/p>\n<p>Here\u2019s the thing. Weak passwords are like using a plastic bag to lock your front door. It might keep out the wind, but not much else. Hackers don\u2019t even need to be clever these days \u2013 they\u2019ve got tools that can guess weak passwords in seconds.<\/p>\n<h3>Common Password Mistakes<\/h3>\n<ul>\n<li><strong>Using names or birthdays:<\/strong> Your dog\u2019s name and your kid\u2019s birthday aren\u2019t secrets, especially if you\u2019ve got them all over social media.<\/li>\n<li><strong>Repeating passwords:<\/strong> Using the same password for everything means if one site gets hacked, they all do.<\/li>\n<li><strong>Short passwords:<\/strong> The shorter it is, the easier it is to crack. Simple as that.<\/li>\n<li><strong>Sticking with defaults:<\/strong> Lots of systems come with a default username and password like \u2018admin\u2019 and \u2018password\u2019. 
That\u2019s basically an open invite for trouble.<\/li>\n<\/ul>\n<h2>What Makes a Strong Password?<\/h2>\n<p>A good password needs to be long, random, and difficult to guess \u2013 even for someone who knows you well. Think of it like a padlock. Would you rather use a flimsy one from a pound shop or a proper heavy-duty one?<\/p>\n<h3>Tips for Creating Strong Passwords<\/h3>\n<ul>\n<li><strong>Use at least 12 characters:<\/strong> Longer is better. Every extra character makes it harder to crack.<\/li>\n<li><strong>Mix things up:<\/strong> Use upper and lower case letters, numbers, and symbols.<\/li>\n<li><strong>Avoid obvious stuff:<\/strong> Don\u2019t use names, places, birthdays, or words from the dictionary.<\/li>\n<li><strong>Make it random:<\/strong> Use a password manager to generate proper random passwords if you can. They\u2019re way better than anything we can come up with ourselves.<\/li>\n<li><strong><a href=\"https:\/\/www.forestsoftware.co.uk\/blog\/2024\/07\/enhancing-small-business-security-the-word-method-for-passwords\/\">Use the three word method<\/a>:<\/strong> By using random words, you can make passwords memorable to you but almost impossible to guess.<\/li>\n<li><strong>Use some other method:<\/strong> Personally, I use something called a Qwerty card &#8211; this is a simple plastic card that goes in your wallet for easy-to-remember, very strong passwords. You can <a href=\"https:\/\/www.amazon.co.uk\/Qwertycards-simple-plastic-remember-passwords\/dp\/B00SLP3X7I\">find out more on this link<\/a> (an Amazon affiliate link that costs you no extra, even if you buy one &#8211; or more).<\/li>\n<\/ul>\n<p>Here\u2019s an example of a strong password: <code>V7&amp;u@2Lp!z#xFq91<\/code>. 
No one\u2019s guessing that anytime soon. Of course, that may be difficult to remember, but <code>BiologyFingerVibrant%)68<\/code> is more memorable and just as difficult to guess.<\/p>\n<h2>What About Password Managers?<\/h2>\n<p>Password managers are tools that store all your passwords securely in one place. You only need to remember one strong master password, and the rest is sorted. They\u2019re especially handy for small businesses, where you might have loads of logins for different tools and services.<\/p>\n<h3>Why They\u2019re Worth Using<\/h3>\n<ul>\n<li><strong>No need to remember everything:<\/strong> Just the one password to rule them all.<\/li>\n<li><strong>They generate strong passwords:<\/strong> Most password managers have built-in generators that create complex passwords for you.<\/li>\n<li><strong>They fill in passwords automatically:<\/strong> Saves time and avoids typing errors.<\/li>\n<li><strong>They keep things secure:<\/strong> The good ones use serious encryption to protect your data.<\/li>\n<\/ul>\n<p>Some popular password managers for small businesses include LastPass, 1Password, Dashlane, and Bitwarden. They all have pros and cons, so do a bit of research and pick one that suits your needs and that you trust.<\/p>\n<h2>Only Give Access to People You Actually Trust<\/h2>\n<p>This one might sound obvious, but you\u2019d be surprised how many small businesses hand out passwords and admin access like it\u2019s a freebie giveaway. Just because someone works with you doesn&#8217;t mean they need access to everything.<\/p>\n<p>Think of your business systems like rooms in a house. You wouldn\u2019t give the cleaner the keys to your safe or the plumber access to your home office, would you? Same logic applies here.<\/p>\n<h3>Levels of Trust Matter<\/h3>\n<p>There\u2019s a difference between trusting someone to do their job and trusting them with sensitive information. 
You might trust your part-time assistant to post on social media, but that doesn\u2019t mean they should be able to access your company bank account.<\/p>\n<p>Before giving anyone access to a system, ask yourself:<\/p>\n<ul>\n<li>Do they actually need it to do their job?<\/li>\n<li>Do they understand how to use it safely?<\/li>\n<li>What could go wrong if they mess it up?<\/li>\n<li>How much do I trust this person, really?<\/li>\n<\/ul>\n<h3>Things That Can Go Wrong (And Often Do)<\/h3>\n<p>Let\u2019s look at what can happen when the wrong person gets access:<\/p>\n<ul>\n<li><strong>Accidental damage:<\/strong> Someone presses the wrong button and deletes your whole website. Oops.<\/li>\n<li><strong>Data leaks:<\/strong> A disgruntled ex-employee leaks customer info out of spite.<\/li>\n<li><strong>Financial loss:<\/strong> Someone with access to your online banking goes rogue. Bye-bye business savings.<\/li>\n<li><strong>Reputation damage:<\/strong> One slip-up and suddenly customers don\u2019t trust you anymore.<\/li>\n<\/ul>\n<h2>Use Access Levels and Permissions<\/h2>\n<p>Most systems (like your website, cloud storage, or payment tools) let you set different access levels. Use them! Not everyone needs admin rights. 
Give people just enough access to do their job and nothing more.<\/p>\n<h3>Examples of Smart Access Control<\/h3>\n<ul>\n<li><strong>Social media:<\/strong> Use tools like Buffer or Hootsuite so staff can post without having the login details.<\/li>\n<li><strong>Website admin:<\/strong> Set up different user roles in WordPress, like editor or contributor, rather than giving everyone full control.<\/li>\n<li><strong>Shared files:<\/strong> On Google Drive or Dropbox, give \u2018view only\u2019 access unless someone needs to edit something.<\/li>\n<li><strong>Banking:<\/strong> Set up limited access for your bookkeeper, or use read-only access where possible.<\/li>\n<\/ul>\n<h2>What to Do When Someone Leaves<\/h2>\n<p>Whether it\u2019s an employee, freelancer, or someone who helped out on a short-term project, you need a process for <a href=\"https:\/\/www.forestsoftware.co.uk\/blog\/2010\/10\/preparing-for-a-smooth-staff-handover\/\">when they move on<\/a>. If someone leaves and still has access, it\u2019s like letting a former housemate keep a copy of your keys.<\/p>\n<h3>Steps to Take<\/h3>\n<ul>\n<li><strong>Change shared passwords:<\/strong> Immediately. Don\u2019t wait. Even if you think they\u2019re trustworthy.<\/li>\n<li><strong>Remove them from systems:<\/strong> Revoke access to email, cloud storage, social media, project tools, and anything else they used.<\/li>\n<li><strong>Collect devices:<\/strong> If you gave them a company phone or laptop, get it back.<\/li>\n<li><strong>Update your records:<\/strong> Keep a list of who has access to what, and keep it up to date.<\/li>\n<\/ul>\n<h2>How Often Should You Update Passwords?<\/h2>\n<p>This is a bit of a tricky one. 
Old advice used to say \u201cchange your password every 30 days.\u201d But now the experts say it\u2019s more important to use strong passwords and only change them if there\u2019s a reason to \u2013 like a security breach or a member of staff leaving.<\/p>\n<p>If you\u2019re using a password manager and have unique, strong passwords for everything, you probably don\u2019t need to change them all the time. But if there\u2019s ever a chance they\u2019ve been compromised, change them straight away.<\/p>\n<h2>Two-Factor Authentication: Just Do It<\/h2>\n<p>Two-factor authentication (2FA) is an extra layer of security on top of your password. Even if someone guesses your password, they can\u2019t get in unless they\u2019ve also got access to your phone or email. It\u2019s like a second lock on your door.<\/p>\n<p>2FA requires users to provide two different forms of identification to verify their identity when logging in, making it significantly harder for unauthorized individuals to access accounts.<\/p>\n<p>Here&#8217;s how it works:<\/p>\n<p><strong>1. First Factor:<\/strong> The user enters their username and password, which is the first factor of authentication.<\/p>\n<p><strong>2. Second Factor:<\/strong> After entering the password, the user is prompted to provide a second piece of information, which could be:<\/p>\n<ul>\n<li><strong>A code from an authenticator app:<\/strong> This code is generated by an app on the user&#8217;s smartphone or other device.<\/li>\n<li><strong>A code sent via SMS:<\/strong> A text message containing a code is sent to the user&#8217;s phone number.<\/li>\n<li><strong>A security key:<\/strong> A physical device that the user plugs into their computer.<\/li>\n<li><strong>Biometric data:<\/strong> Such as fingerprints or facial recognition.<\/li>\n<\/ul>\n<h3>Where to Use 2FA<\/h3>\n<ul>\n<li>Email accounts<\/li>\n<li>Banking and financial apps<\/li>\n<li>Cloud storage (Google Drive, Dropbox, etc.)<\/li>\n<li>Social media platforms<\/li>\n<li>Website admin panels<\/li>\n<\/ul>\n<p>Many of these platforms will prompt you to set up 2FA. If they don\u2019t, check the settings. It\u2019s well worth the few seconds it takes each time you log in.<\/p>\n<h2>Final Thoughts<\/h2>\n<p>Look, no one starts a small business thinking, \u201cCan\u2019t wait to sort out my password policies!\u201d But the truth is, getting this stuff right could save you a ton of stress, hassle, and money down the line.<\/p>\n<p>Use strong, unique passwords for everything. Don\u2019t hand over access unless it\u2019s 100% necessary. And when someone moves on, make sure they\u2019re locked out straight away. It\u2019s not about being paranoid \u2013 it\u2019s about being smart.<\/p>\n<p>Your business is worth protecting. Even if it\u2019s just you and a laptop in your spare room, the information you have \u2013 from customer data to payment details \u2013 is valuable. 
Don\u2019t make it easy for someone to take it away from you.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time: <\/span> <span class=\"rt-time\"> 6<\/span> <span class=\"rt-label rt-postfix\">minutes : <\/span><\/span>Why Your Small Business Needs Strong Passwords and Trusted Access I was reading this BBC article https:\/\/www.bbc.co.uk\/news\/articles\/cx2gx28815wo about how one password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work and thought that I&#8217;d write this article to discuss strong [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,5,27],"tags":[],"class_list":["post-2564","post","type-post","status-publish","format-standard","hentry","category-business-advice","category-computers","category-human-resources"],"_links":{"self":[{"href":"https:\/\/www.forestsoftware.co.uk\/blog\/wp-json\/wp\/v2\/posts\/2564","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.forestsoftware.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.forestsoftware.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.forestsoftware.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.forestsoftware.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=2564"}],"version-history":[{"count":0,"href":"https:\/\/www.forestsoftware.co.uk\/blog\/wp-json\/wp\/v2\/posts\/2564\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.forestsoftware.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=2564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.forestsoftware.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=
2564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.forestsoftware.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=2564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}