One weak password could cost your company thousands.
Over half of UK SME employees (52%) have never received cyber security training, and far too many are still using passwords like 'CompanyName2025!'. It's time to change that.
Passwords remain the first line of defence in business security - and also one of the weakest. In Week 3 of Apex's Cyber Security Awareness Month, we're taking a closer look at how SMEs across Greater Manchester can drastically reduce risk by tightening up password habits and enabling modern authentication.
Most cyber breaches don't start with Hollywood-style hacking. They start with an email or a stolen credential.
"You'd be surprised how many staff at SMEs still use passwords like 'Password123!' or 'Summer2024', especially under time pressure. We once onboarded a 40-user account where half the team had variations of the company name as their login. Easy pickings for a brute attack."
If your team uses the same login for email, payroll, Microsoft 365 and Teams - you're at serious risk.
Recently, a locally-based accountancy firm reached out after an employee's password was compromised. A cyber criminal used stolen Office 365 credentials (from a previous data breach) to log in and sit silently in their inbox for days.
The attacker watched conversations, then jumped in pretending to be the employee - emailing a client to "update payment details". The client paid a £6,000 invoice to the scammer before realising it wasn't legitimate.
The password was one that was being used across multiple platforms. Had Multi-Factor Authentication (MFA) been enabled, the breach could've been prevented entirely.
If your business still relies on "strong passwords" alone, you're missing a crucial part of modern protection. Here's what Apex recommends:
Encourage your team to use memorable phrases instead of single words. 'BlueCoffeeRocket2025@' is stronger than 'Manchester1!'.
Multi-Factor Authentication (MFA) adds a second layer of security. Even if a password is stolen, it's useless without the MFA code. Apply MFA on:
Avoid sticky notes and spreadsheets. A secure password manager like Keeper (that's what we use here at Apex) or 1Password generates and stores long, ransom credentials that staff never have to remember.
"We've been using Keeper password manager for a while at Apex and the security we have with passwords speaks for itself. We've also recommended it to a number of our clients and have seen password reuse incidents drop to almost zero. It only takes 5 minutes to set up, and saves businesses thousands in risk."
Use group policies (especially in Microsoft 365) to enforce strong password creation across all users.
Check if any work email accounts or passwords have been exposed on the dark web. Apex can provide Dark Web Monitoring and run these kinds of reports for your domains, alerting you to compromised credentials in real time.
Your passwords are just one part of a wider access control strategy. Here's what Apex helps Greater Manchester businesses implement:
If you answered "No" or "I'm not sure" to any of the above - let's talk.
Apex offers tailored identity security solutions designed for SMEs in Greater Manchester just like you. We'll help you:
Passwords are the digital keys to your business - don't leave them under the mat.
Start by making MFA a non-negotiable across your company. It's simple, cost-effective, and stops over 99% of account takeover attempts. Pair that with smart policies and password manager rollouts, and you'll be miles ahead of the average SME.
Book a free consultation with our team and get a quick health check on your current setup.
We dive into securing hybrid and remote working setups - from home routers to personal devices.
Stay safe, stay updated, and stay on top of the basics.