World Password Day is 7 May. The problem isn’t awareness; it’s execution.
Phishing is growing in both volume and sophistication. Messages now mimic suppliers, colleagues and trusted services with convincing branding, tone and timing. Often, attackers aren’t “breaking in” at all: they’re logging in with credentials already captured by one well-crafted earlier email.
Passwords are still the front door to most systems. If that door is weak, reused or predictable, attackers don’t need advanced tools; they just need you to be busy. Even experienced users get caught when a request looks credible and urgent.
A compromised password rarely stays contained: in this connected world, stolen credentials are a stepping stone into email accounts, Practice Management and Document Management Systems, all of which contain sensitive client data. For professional services firms that can mean confidentiality breaches, not to mention financial loss, regulatory exposure and reputational damage.
For individuals (staff and clients), it can quickly spiral into identity theft and loss of control across multiple accounts.
Use World Password Day as a prompt to lock down the fundamentals:
- Use strong, unique passwords everywhere
- Never reuse work passwords on personal or third-party services
- Turn on multi-factor authentication (MFA) wherever possible
- Use a reputable password manager to reduce risk and fatigue
- Consider using Passkeys where they are available
None of this is new; it’s just not applied consistently, and that inconsistency is exactly what attackers target.
Passwords aren’t glamorous, but they’re one of the few controls fully within your power. As phishing evolves, good password hygiene remains one of the simplest, highest-impact ways to protect people and the business.

David Baskerville
07769 946883
Do this today:
Enable MFA on your email account and change any password you’ve reused elsewhere.