Skip to main content

Woburn, MA – May 2, 2024 – Today Kaspersky recognized World Password Day by sharing a set of simple but important measures for password protection in a small business environment. By implementing robust password protection measures, small businesses can significantly enhance their security posture and safeguard their sensitive data.

In today's interconnected world, small businesses are increasingly becoming targets for cyberattacks. With limited resources, these businesses often struggle to defend themselves against sophisticated threats.

A study conducted by Kaspersky in the end of 2023 found that 84% of North American small businesses experienced at least one cyber incident in the past two years. The consequences of those attacks were severe, and resulted in leaks of confidential data 13% of the time in (34% globally), reputational damage (19% in North America), loss of customer trust (31%) and more. Thirteen percent of small companies even had to suspend certain areas of their business operations.

One of the main causes of these incidents was the use of weak passwords or failure to perform regular password updates. This reason accounts for half of incidents in North America. The second-leading cause was downloading malware. To help address the issue, Kaspersky is providing tips to help strengthen small businesses’ password policies.

Create strong passwords

First and foremost: create strong unguessable passwords. This obvious measure is often neglected by employees who must juggle numerous passwords for the variety of applications they use. Additionally, ensure that passwords are unique for each corporate service. Reused passwords are easy targets for cybercriminals, who leverage automated tools to crack them and gain unauthorized access to sensitive information across accounts. By encouraging employees to use complex combinations of letters, numbers, and special characters, small businesses can mitigate the risk of password-related breaches.

Implement multi-factor authentication

Multi-factor authentication (MFA) adds an extra layer of security by requiring users to provide additional verification beyond just a password. This could include biometric data, one-time passcodes sent to a mobile device, or security questions. While small businesses may perceive MFA as complex or unnecessary, it is a critical security measure that can protect against various cyber threats, such as password theft and unauthorized account access. Enabling MFA significantly reduces the risk of unauthorized access to small businesses’ accounts, even if passwords are compromised.

Regularly update passwords

Regular password updates are essential for maintaining security hygiene and reducing the risk of password-related breaches. Despite their size, small businesses are not immune to cyber threats, and outdated or compromised passwords can pose significant security risks. Small business owners should encourage employees to change their passwords periodically and enforce password expiration policies to prevent the reuse of old passwords. Furthermore, prompt password updates should be conducted in response to staff changes or when there are suspected security breaches.

Educate employees

Employee awareness is crucial for effective password protection and overall online safety within small businesses. Employees should be educated on the importance of strong passwords, the risks of password sharing, and the potential consequences of falling victim to cyberattacks. By fostering a culture of cybersecurity awareness, small businesses can empower employees to play an active role in protecting sensitive information and mitigating cyber threats.

Secure devices and networks

In addition to securing passwords, small businesses should also take steps to protect their devices and networks with cybersecurity solutions. With the increasing prevalence of remote work and cloud-based services, small businesses must ensure that their devices and networks are adequately protected against malware, phishing attacks, and other cyber threats. By installing reputable cybersecurity software, enabling firewalls, and keeping operating systems and software up to date, small businesses can significantly strengthen their defenses.

"In today's digital age, it's no longer realistic to assume that only large corporations are the primary targets of cybercriminals,” said Kirill Litvin, senior product marketing manager at Kaspersky. “In fact, even the smallest businesses face significant cybersecurity risks. Therefore, they must prioritize security measures and employ specialized cybersecurity products to safeguard their operations and customer data. For example, our Kaspersky Small Office Security, tailored specifically to the needs of small businesses, offers a hands-off security solution with ‘install and forget’ protection, and allows for saving companies’ budget, particularly crucial in the early stages of business development. It provides comprehensive protection against malware, phishing, ransomware, weak passwords and much more. At Kaspersky, we are deeply committed to empowering small businesses with the tools and resources they need to enhance their cyber protection. We believe that businesses can be both small and secure.”


About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 220,000 corporate clients protect what matters most to them. Learn more at

Small business, big risks: Kaspersky releases SMB tips for World Password Day

Kaspersky Logo