How to Secure Your Business Accounts Online and Why It Matters

A Crash Course in Digital Asset Security: How to Protect Your Online Accounts for Your Business and Why It Matters

Why This Matters

According to the Identity Theft Resource Center (ITRC), a staggering 73% of small businesses reported suffering some form of cyber attack in 2023.

If you're not a tech expert or running an IT company, chances are you're reusing the same passwords across multiple accounts. This is a serious problem for a number of reasons, and it becomes significantly worse when weak password habits extend to your business accounts. Many people also use the same passwords for both personal and business accounts, which creates an even bigger security risk.

Imagine waking up to find your business's social media accounts hijacked with spam posts, your email locked out, or your cloud storage wiped clean. Even more damaging, what if confidential internal conversations, customer data, or future business plans were stolen and leaked? These breaches happen every day.

Even if you can recover those accounts, the time, stress, and potential financial loss can be devastating.

Still using the same password and email you created in middle school? You’re likely not the only one who knows it.

I recommend checking if your email has been exposed in any known breaches by visiting Have I Been Pwned.

The good news? These risks are almost entirely preventable with a few simple steps.

Step 1: Strong, Unique Passwords—Every Time

The easiest way to prevent most cyber threats is by using strong, unique, randomly generated passwords for every account.

You're not trying to prevent a human from guessing your password—you’re up against powerful computers designed to crack weak credentials.

The Problem: Remembering All Those Passwords

Unless you have an exceptional memory, keeping track of unique passwords for every account is impossible.

The Solution: A Password Manager

A good password manager solves this by:

  • Securely storing and autofilling your passwords.
  • Generating strong, unique passwords for new accounts.
  • Allowing you to share and revoke access to credentials as needed.

Why Trust a Password Manager?

It may seem risky to store all your passwords in one place, but the best password managers use zero-access encryption—meaning even the company behind the software can’t see your data. Your passwords remain protected by one very strong master password.

A properly secured password manager ensures that even if the company experiences a breach, your data remains unreadable to attackers.

Recommended Password Manager: Bitwarden

I recommend Bitwarden because:

  • It’s open-source, meaning its security practices are transparent and frequently audited.
  • It supports both personal and business use.
  • It offers robust security features at a reasonable price.

Bitwarden has great documentation on setup and usage, so I won’t go into full detail here. However, if you’d like a step-by-step guide, let me know—I’d be happy to create one.

Step 2: Multi-Factor Authentication (MFA)

MFA adds an extra layer of security by requiring more than just a password to log in. If you’ve ever had to enter a code sent via text or email after typing your password, you’ve used MFA.

Different Types of MFA (Ranked Least Secure to Most Secure):

  1. SMS (Text Message)
  2. Email Verification
  3. Prompt on Trusted Device
  4. TOTP (Time-Based One-Time Password via Authenticator App)
  5. Hardware Security Key (FIDO)

While any MFA is better than none, SMS-based MFA is the weakest option due to SIM-swapping attacks.

For most people, I recommend using TOTP (Authenticator App MFA). It offers strong security while being easy to use and widely supported.

Why Use an Authenticator App?

  • It doesn’t require internet or a phone number.
  • It’s incredibly difficult for attackers to compromise.
  • It’s available for free and easy to set up.

How to Set Up TOTP MFA:

  1. Download an authenticator app (I recommend Ente Auth).
  2. In the security settings of your online accounts, enable MFA.
  3. Select “Authenticator App” or “Google Authenticator” as your method.
  4. Scan the QR code with your authenticator app.

After setup, you’ll enter a unique 6-digit code from your app every time you log in. The code changes every 30 seconds, making it highly secure.

Additional Resources

For those wanting to strengthen their business’s security further, the Cybersecurity & Infrastructure Security Agency (CISA) offers excellent free resources:

Taking these simple steps can save your business from unnecessary risks. If you have any questions or want a more detailed guide on a specific topic, let me know!



 

 