Close Menu
  • News
  • Home
  • In Profile
  • Finance
  • Legal
  • Technology
  • Events
  • Features
  • Wellbeing & Mental Health
  • Marketing
  • HR & Recruitment
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
X (Twitter) LinkedIn YouTube
Trending
  • Worldline is first in Europe to bring Click to Pay to recurring payments
  • Is It Too Hot to Work? High Temperatures and the Workplace
  • Why weak passwords are a bigger business risk than you think
  • Fair Work Agency urges SMEs to self-report employment law mistakes before inspections
  • How To Prepare Your Business For A Commercial Remortgage – And Avoid Costly Delays
  • Balance sheets & big dreams – how young entrepreneurs are building their financial confidence
  • Your business is growing. Is your operating model keeping up?
  • 60% of SMEs would accept more EU regulation for closer trade ties
X (Twitter) LinkedIn YouTube
SME Today
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
  • News
  • Home
  • In Profile
  • Finance
  • Legal
  • Technology
  • Events
  • Features
  • Wellbeing
  • Marketing
  • HR & Recruitment
  • Travel
SME Today
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
  • Twitter
  • LinkedIn
  • YouTube
  • RSS
You are at:Home»Features»Why weak passwords are a bigger business risk than you think
Why weak passwords are a bigger business risk than you think

Why weak passwords are a bigger business risk than you think

0
Posted By Greg Robinson on July 3, 2026 Features, Technology

 A stolen password might seem like a minor inconvenience, but it is one of the most common ways cyber criminals gain access to business systems, sensitive data, and customer information.

Joshua Walsh, Information Security Practitioner at rradar, relentless’s embedded legal and risk management partner, believes there is a persistent misconception that serious cyber incidents mainly affect large organisations. In reality, SMEs are frequently exposed to far simpler vulnerabilities, including compromised credentials and everyday security gaps.

Despite a growing awareness of cyber risk, poor password habits persist. The latest research from NordPass shows that “123456,” “admin,” and “123456789” are still among the most commonly used passwords.

Joshua Walsh, Information Security Practitioner at rradar
Joshua Walsh, Information Security Practitioner at rradar

This matters because a weak password is not just an IT problem. Once an attacker gains access to a key system, the consequences can quickly spread across the wider business.

 Why passwords are an easy target

 Many cyber incidents are not caused by sophisticated technical failures, but by weaknesses in people, processes and everyday business practices. This often happens when warning signs go unrecognised or unreported by employees, and where security protocols are not robust enough to challenge seemingly trustworthy communications.

In many cases, exploiting weak credentials is far easier and more effective for attackers than attempting to bypass advanced technical defences. Passwords remain an attractive target because they act as a gateway to critical business systems, from email and finance platforms to cloud tools and more. Human behaviour can increase the risk, as people are often predictable. Convenience is frequently prioritised over security, leading to weak password choices or reused credentials. This creates a high-reward, low-effort opportunity for attackers, as a single compromised login can provide much broader access than businesses realise.

 The business impact

 The commercial consequences of a stolen password are often far greater than many SMEs realise. A compromised credential does not just create an IT issue; it can disrupt day-to-day operations, expose sensitive customer or financial data, trigger regulatory scrutiny and create significant reputational fallout.

The damage often extends beyond the initial intrusion. A compromised email account, for example, can allow cyber criminals to impersonate trusted employees, intercept communications or manipulate payment instructions in ways that appear entirely legitimate. Because these attacks often exploit normal business processes rather than technical failures, they can go undetected for longer, increasing the cost and complexity of the response.

For smaller businesses especially, the impact can be commercially significant, from operational downtime and lost productivity to legal advice, incident response support, customer communications and potential insurance claims. What starts with a single stolen password can quickly escalate into a much wider business problem.

 

Prevention matters

  • Cyber resilience is no longer just about responding when something goes wrong. For SMEs, simple preventative measures can make the difference between a minor incident and a major business disruption.
  • Steps to strengthen password security
  •  A strong password should be difficult enough to guess to provide meaningful protection. Here are some practical steps businesses can take:
  • Prioritise longer, stronger passwords – Aim for passwords of at least 12 characters, using a mix of uppercase and lowercase letters, numbers and special characters. Short passwords remain significantly easier to crack.
  • Avoid predictable password habits – steer clear of personal information, common words, and obvious variations, such as “Password1!” or swapping letters for symbols. Cyber criminals actively design tools to exploit these patterns.
  • Use passphrases instead – A long string of random words that’s easy to remember but hard to guess can often provide stronger protection.
  • Never reuse passwords – using the same password across multiple accounts creates unnecessary risk. Even if it’s a strong password, one compromised login can unlock several accounts.
  • Enable multi-factor authentication (MFA) – Even strong passwords can be stolen through phishing or credential theft. MFA adds a vital second layer of protection, making it significantly harder for attackers to gain access.
  • Use a password manager – these help teams generate and securely store strong, unique credentials without relying on memory or insecure workarounds.
  • Consider using passkeys where possible – Passkeys are becoming the preferred alternative to traditional passwords because they remove the need to remember or type credentials. They are tied to a trusted device and are far more resistant to phishing, password theft and credential reuse attacks.

 

As cyber guidance has evolved, some traditional password rules are no longer considered best practice. Forcing employees to change passwords every 60 to 90 days can encourage weaker, predictable variations. Similarly, rigid complex rules can lead to formulaic passwords that are easier for attackers to anticipate.

Instead, businesses should focus on strong, unique credentials, changing passwords when there is a suspected compromise, and layering security through measures such as MFA rather than relying on weak backup methods such as security questions.

For more detailed guidance on strengthening passwords, visit: https://rradar.com/what-makes-a-password-strong/

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Balance sheets & big dreams – how young entrepreneurs are building their financial confidence

Starting a Tech Business, when you’re not a Tech Expert

The HR Admin Problem Nobody Talks About: Why SMEs Need Smarter Systems

Comments are closed.

Follow SME Today on Linkedin and share all the topics you find interesting
Porsch Reading – Find Your Perfect Business Partner
Mastermind9
Events Calendar
    July 9, 2026 8:30 am

    The AI Edge Masterclass

    November 26, 2026 10:00 am

    South West Expo Swindon

  • Marketing
June 25, 2026

How Brands Can Rank in AI Search Without Buying Ads

June 23, 2026

How To Market A Restaurant

  • Finance
July 3, 2026

Worldline is first in Europe to bring Click to Pay to recurring payments

July 2, 2026

How To Prepare Your Business For A Commercial Remortgage – And Avoid Costly Delays

  • People
June 20, 2026

It’s Award Season For The Fd Consultant!

April 9, 2026

PSA President Returns From Global Summit As UK Spring Conference Heads To Leeds

  • Health & Safety
June 29, 2026

Health & safety violations costing British firms £44m annually

March 16, 2026

Health & Safety Trends To Look Out For In 2026

  • Events
June 29, 2026

Great British Expos Postpones South West Expo Due to Extreme Heat Forecast

June 16, 2026

Why Every SME Needs an AI Strategy — Not Just AI Tools

  • Community
June 19, 2026

Founders charity dinner set to raise funds for epilepsy care

June 17, 2026

Award-Winning Charity Launches New Initiative To Connect Local Organisations

  • Food & Drink
June 23, 2026

How To Market A Restaurant

June 23, 2026

From Corporate Comfort to Cultural Opportunity: The Bunta Beer Journey

  • Books
June 2, 2026

Build a Business So Good You’d Be Mad to Sell It

January 21, 2026

The CEO Mirage: Exposing the hidden traps that take smart leaders down

The Newsletter

Join our mailing list for the best SME stories, handpicked and delivered direct to your inbox every two weeks!

Sign Up
About

SME Today is published by the same team who deliver The Great British Expos’. We have been organising various corporate events for the last 10 years, with a strong track record of producing well managed and attended business events across the UK.

Join Our Mailing List

Receive the latest news and updates from SMEToday.
Read our Latest Newsletter:


Sign Up
X (Twitter) YouTube LinkedIn
Categories
  • Books
  • Business
  • Community & Charity
  • Education and Training
  • Environment
  • Events
  • Features
  • Finance
  • Food and Drink
  • Health & Safety
  • HR & Recruitment
  • In Profile
  • Legal
  • Marketing
  • News
  • People
  • Property & Development
  • Sponsored Content
  • Technology
  • Transport, Travel & Tourism
  • Wellbeing & Mental Health
Magazine Information
  • About SME Today
  • Editorial Submission Guidelines
  • Advertising
  • Privacy
  • Contact
Copyright © 2025 SME Today.
  • About SME Today
  • Editorial Submission Guidelines
  • Advertising
  • Privacy
  • Contact

Type above and press Enter to search. Press Esc to cancel.

Subscribe Now!

Sign up for a FREE subscription and receive the latest news, features and updates from SMEToday:

I am interested in:
 

Thank you for subscribing to SME Today! We're thrilled to have you join our community. To complete your subscription, please check your email and click on the confirmation link. If you don’t see the email in your inbox, be sure to check your spam or junk folder. We look forward to sharing exciting news, updates, and exclusive content with you!

Join our mailing list to receive the latest news and updates from SMEToday
Read our Latest Newsletter: