Why writing passwords down can cost you

Before we start, please don’t ever purchase a little notebook that says ‘passwords’ on it to store your passwords in. That’s a very bad idea, and the number of these products for sale is staggering. Committing a password to paper might feel like the smart thing to do – after all, hackers based halfway across the globe are unable to reach it there – but in reality, you’re just increasing the likelihood of a security breach closer to home.

If it’s 100% convenient for you, then it’s 100% convenient to someone you don’t want to know your passwords

It might seem like a bit of a paradox: IT companies keep telling everyone how simple it is to avoid hacking attempts, and yet the number of businesses getting hacked seems to grow ever larger. The reason is usually that the solutions are perceived to be annoying, so they just aren’t implemented.

Multi-factor authentication (MFA), where users are required to log in with their credentials as well as enter a code that gets sent to them, usually via mobile, can stop a huge number of hacks in their tracks. Even if a hacker has your password – whether they’ve learned it in a data breach, obtained it in a phishing scam, or found a post-it that accidentally got stuck to someone’s shoe and was discarded by a bus stop – if they’re unable to get the MFA code, then they’ll likely throw a bit of a strop, then immediately forget all about you and move on to the next account.

MFA could have stopped the majority of big hacking cases that we see. The really frustrating thing for us is that it’s FREE. If you have Microsoft 365, you can implement MFA for FREE. An extra few seconds of logging in could save your company thousands. It seems like it should be a no-brainer, but it isn’t. If you’re on board but having trouble convincing your team, here are 9 ways to get your staff on board with cyber security.

Simply having a password policy doesn’t protect you

This might sound harsh, and having robust password policies is important, but if all you’re doing is getting new members of staff to read and sign them, they’re not worth a thing unless they’re actually being followed.

Here are some terrifying statistics about how passwords are used, and they WILL be affecting your business. For example, did you know that 57% of people who have already been victims of phishing attacks are still using the same passwords? Add to that the 51% of users who use the same passwords for both work and personal accounts for ease of remembering. Isn’t that scary? Your business is in the hands of these people! And getting hacked seems like a completely distant possibility until it happens to you.

According to the UK Cyber Security Breaches Survey 2020, among businesses that have identified attacks or breaches, 19% of them have lost money and/or data as a result of the breach.

In reality, writing passwords down on paper doesn’t mean hackers can’t access them. They still have the ability to send phishing emails, and if an email isn’t identified as a scam, a member of staff can easily give away their login details without realising. All that writing passwords down does is create a false sense of security – as well as open you up to problems if a member of staff should see fit to use someone’s passwords for something they shouldn’t. (None of us likes to think like that, but it happens.)

Put down the sticky notes, and say hello to a password manager

A very basic way to immediately increase password security and drastically reduce the risk of hacking is to implement MFA and start using a password manager across the board. Not only does this mean no one needs to use one password for everything in case they forget it, it also means that you can give people instant access to accounts by giving them the login, but without them being able to see it – genius!

 

Would you like to know more about protecting your business from becoming part of a horrifying statistic? Get in touch, we’d love to help.
