
Small Business Password Report

On World Password Day, the Australian Cyber Security Centre and Cyber Wardens have teamed up to remind small business owners everywhere to lock their digital doors and create strong passphrases that keep cyber criminals out.

Passwords and passphrases are the first line of defence in keeping your business safe. If cyber criminals crack your password, they’ve got the keys to your business. They can steal your hard-earned cash, redirect invoices to their own bank account, access your confidential information or commit fraud by pretending to be you.

With so much at stake, it would be easy to assume that everyone knows and practises good password hygiene. But new research shows Australian small businesses have a long way to go to ensure their passwords are as safe as they could be.

A survey of more than 2000 small business owners and their employees shows that one in two has basic password vulnerabilities:

  • Only 54% of businesses are consistently not sharing passwords
  • Multi-Factor Authentication (MFA), where a second verification step is required to access accounts, is used consistently only 53% of the time
  • One in 5 never use a password manager or are unsure.
 

Password processes matter

The research shows that how your team manages passwords is very important. We need good processes to make sure everyone is cyber-safe, but in-person workers and casual workers need extra support to follow best practice. Here’s why.

> In-person workers and password management

The temptation to share passwords on post-its, or just shout them to the cubicle next door, is one in-person workers may struggle with. The survey also found that in-person working can create increased cyber risk around password security.

WHAT TO DO ABOUT IT: 

  • Cyber Wardens can take a quick physical audit of the office space, ensuring no passwords are displayed on post-its attached to monitors.
  • Include posters prompting cyber-safe password processes near workstations. We will be releasing a kit later in the year. Sign up to be the first to get it.

> Casual workers and password management

The research shows we might be tempted to skip steps and share logins amongst casual team members: they are only using multi-factor logins 42% of the time, compared to 56% of the time for full-time employees.
Setting up new passwords and logins for every casual staff member can seem time-consuming and frustrating, but we promise it’s more time-consuming to be hacked.

WHAT TO DO ABOUT IT:

  • Ensure your casual team members have the skills and tools to keep your business cyber-safe. Consistency is key so set clear password policies and ensure everyone, casual or permanent, sticks to them.
  • Regularly audit your user accounts to ensure casuals who are not actively working for you have been removed from the system. This protects your business and may save money as well.
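
One way to run the account audit described above, as an added example that is not part of the original report: it reads a user export and flags idle casual accounts, logins without MFA and logins shared by several people. The CSV column names, the sample rows and the 60-day idle threshold are assumptions made for illustration; adapt them to whatever your own system exports.

```python
import csv
import io
from datetime import date

# Constructed sample export. Column names are assumptions, not a real product's format.
SAMPLE_EXPORT = """username,employment,last_login,mfa_enabled,used_by
alex,full-time,2024-04-28,yes,1
sam,casual,2024-04-20,no,1
jo,casual,2023-11-02,yes,1
frontdesk,casual,2024-04-29,no,3
"""


def audit_accounts(export_text, today, stale_after_days=60):
    """Return {username: [findings]} for accounts that need attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        issues = []
        idle = (today - date.fromisoformat(row["last_login"])).days
        # Casuals who have not logged in recently are probably no longer working for you.
        if row["employment"] == "casual" and idle > stale_after_days:
            issues.append(f"casual account idle {idle} days: remove or disable")
        # Every account, casual or permanent, should have a second verification step.
        if row["mfa_enabled"].strip().lower() != "yes":
            issues.append("MFA not enabled")
        # One login used by several people means a shared password.
        if int(row["used_by"]) > 1:
            issues.append(
                f"login shared by {row['used_by']} people: issue individual accounts"
            )
        if issues:
            findings[row["username"]] = issues
    return findings


if __name__ == "__main__":
    report = audit_accounts(SAMPLE_EXPORT, today=date(2024, 5, 2))
    for user, issues in report.items():
        for issue in issues:
            print(f"{user}: {issue}")
```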


Improving your small business password skills

So, how can you upgrade your password skills?

1. Sharing is not caring

Don’t share passwords between programs and don’t share them between team members either.

2. Upgrade from a password to a passphrase

Update your passwords to a random combination of words called a passphrase. It’s easier to remember and tougher for cybercriminals to crack. For example, “crystal onion clay pretzel”.

3. Add a virtual deadbolt to your doors

Multi-Factor Authentication (MFA) gives you that extra layer of security like adding a deadbolt to your doors.
MFA works by adding extra safety steps to confirm it’s really you trying to get into your account. There are a few ways it can do this, but the most common is sending a one-off code to your phone or through a special app.
This extra layer helps prevent cybercriminals from accessing your business information if your password is compromised.

PRO TIP: Don’t forget, it’s important to roll out MFA for all of your team members and accounts.

4. Use a password manager

Passwords can be difficult to remember, right? Getting your team members to use a password manager takes the difficulty out of remembering multiple complex passwords and keeps them secure. Even better? Password managers can generate those hard-to-crack passwords for you.
For more information about passphrases and password managers visit www.cyber.gov.au
*Research conducted by 89 Degrees East on behalf of COSBOA, with 2000+ Australian small business owners and employees in November and December 2022.  
 
