Share This Article
For businesses with 5 to 200 staff, you might assume that you’re too small to be a target for cyber-criminals.
The opposite is true: many attacks focus on organisations just like yours because they’re perceived as more vulnerable.
Weak password practices are one of the top entry points for an attack.
Unauthorised access to systems, data theft or ransomware
Loss of accountability (who logged in, who made the change?)
Compliance failures (e.g., National Cyber Security Centre (NCSC) / UK GDPR / Cyber Essentials implications)
Damage to productivity and business continuity
We went live talking to a variety of UK businesses owners sharing everything you need to know to keep your business safe with secure passwords.
Here’s a breakdown of what you’re risking when you allow or tolerate password sharing among employees:
When your team shares credentials rather than each person having their own login, you weaken security.
Hackers look for weak passwords, reused passwords and shared credentials.
If multiple people use the same account or password, you lose the ability to track who did what. This is a major issue if something goes wrong (accidentally or maliciously).
Many sectors in the UK require businesses to adopt reasonable technical and organisational measures to protect data. Shared passwords can undermine that duty.
Sharing credentials increases the risk of insider threats, whether this is done intentionally or accidental.
If an ex-employee keeps access, or someone uses another person’s credentials, your internal controls become weak and unsecure.
Using a shared login can cause bottlenecks (who changed the password?), confusion, and increased overhead when people leave or change roles.
Here’s a checklist you can implement this week to improve your password security:
If you haven’t already ensure you have a secure password policy in place so that every employee is aware of the guidelines you have set.
If you havent implmented one yet, not to worry!
Download our free template for help getting started.
For a small to medium business, the cost of a single breach (data loss, downtime, reputation loss, regulatory fines) often far outweighs the modest cost of a strong password management solution and a bit of training.
As one UK SME advisor puts it:
Many small businesses treat password management as optional, but when you look at the damages, it’s anything but optional.
Short answer: No, not if you’re sharing them the usual way. Localised, casual sharing (e.g., via email, WhatsApp, Teams) creates risk.
The Best practice is to avoid manual sharing of raw passwords.
The UK Government guidance states: “You should never allow password sharing between users.”
That said: If you must share access, use secure tools/controls rather than handing over the password itself.
Want to explore these secure options?
No, Text message or SMS is generally insecure for sharing passwords.
This is due to messaging apps being vulnerable to being intercepted.
If you want to explore more secure password sharing options click here to book a demo
No, WhatsApp is generally not recommended for sharing passwords even though they promote secure messaging and are a lot further forward than some other apps, this is still not recommended for best practices.
This is due to messaging apps being vulnerable to being intercepted.
If you want to explore more secure password sharing options click here to book a demo
No Text Message both (SMS, MMS as well as iMessage) are generally insecure for sharing passwords. For example:
Messaging apps or text: messages may be intercepted, phones may be compromised.
Want to explore these secure options?
No, any of these types of channels not matter what provider are generally insecure for sharing passwords. For example:
you cannot guarantee the listener is authorised, nor control logging of the password.
Want to explore these secure options?
No Facebook channels are generally insecure for sharing passwords.
For example:
Social media/Instagram/Facebook messaging: not designed for confidential password transmission, risk of account compromise, lack of audit.
In effect, sharing via these channels exposes the password to unnecessary risk.
Instead, use a proper password manager or secure vault that controls access.
Want to explore these secure options?
No Instagram generally insecure for sharing passwords. For example:
Social media/Instagram/Facebook messaging: not designed for confidential password transmission, risk of account compromise, lack of audit. In effect, sharing via these channels exposes the password to unnecessary risk.
Instead, use a proper password manager or secure vault that controls access.
Want to explore these secure options?
The platform itself may be secure, but if you simply write a password in a Trello card or pass it via 3CX chat or phone, you end up with the same risk: uncontrolled exposure, lack of audit, no individual accountability.
A better approach is: each user gets their own credentials, roles/permissions are assigned appropriately, and if a shared account is unavoidable, manage it via a vault.
Want to explore these secure options?
The platform itself may be secure, but if you simply write a password in a Trello card or pass it via 3CX chat or phone, you end up with the same risk: uncontrolled exposure, lack of audit, no individual accountability.
A better approach is: each user gets their own credentials, roles/permissions are assigned appropriately, and if a shared account is unavoidable, manage it via a vault.
Want to explore these secure options?
A robust password policy should include:
Every individual has a unique account for business systems (avoiding shared user accounts).
Requirements for password creation (length, uniqueness, avoid reuse across systems).
Conditions when shared/generic accounts may be used, and how access is managed (e.g., via a vault, logs, regular review).
Use of multi-factor authentication (MFA) or other measures as a standard for critical systems.
Process for changing passwords when someone leaves, a system is compromised, or when a generic/shared account is used.
Training for staff so they understand the risks of password sharing and weak credentials.
Anne-Marie Blazdell is a Marketing & Communications Manager with expertise in digital marketing, content creation, and IT solutions. With a strong foundation in graphic design, she trained at Farnborough College of Technology and Southampton Solent University before advancing into marketing and business IT support.
Since joining Syn-Star in 2022, Anne-Marie has specialised in crafting SEO-optimised website content, managing social media, and helping businesses navigate the complexities of IT. Her work bridges the gap between technology and business, making IT more accessible and effective.
Learn more about IT Support
Share this article
Sign up to our newsletter
Partnerships
You’re device is on an Unsupported Windows Operating System for your security, please contact us.
Team Productivity:
You and your team are able to see where they are using their time and how productive they are actually being. Also they are able to clock in and out, so really good for flexi-working.
Team Monitoring:
If you would like to know what your team is doing and how productive they are being, we are able to monitor them and create screenshots of what they are working on. This can be run in normal or stealth mode.
Book a FREE fact finding session to discuss the different options.
We proactively seek opportunities to support good causes for our community.
From sponsoring local community football teams, to engaging with charity fundraiser days, we believe it’s important to continually strive to do good for the better of others.
We have members who volunteer with youth organisations, are engaged with the Round Table, run marathons and volunteer at events where we may be needed. Every charity receives a discounted IT and Telecoms service too.
Protecting your digital data is crucial for every business and this can start with the industry-leading security we offer. The Syn-Star specialists can help with identifying any vulnerabilities within your IT systems and act accordingly to ensure cyber-attacks and data breaches are mitigated.
Your business will never fall behind with its technology when you work with Syn-Star.
We understand IT and Telecoms for your business is an investment, but it’s important to use the best resources available to enable the growth of your business. Our IT Consultancy and Virtual IT Director Services are available to support you with how you use your business technology for years to come.
Syn-Star can conduct quick and easy phishing exercises to identify people within your team who need to improve on their knowledge around fraudulent emails and how they can be alerted to these threats.
At Syn-Star, our experts can proactively work to understand exactly what software you need to support with the business operations. Whether you need a listening ear on what software to choose, or would like to seek some specialist knowledge, we’re here to help where we can.
At Syn-Star, we keep Telecoms simple. There’s so much available to help UK companies with their communications. VoIP systems, fixed landline, cloud phone systems, SIP trunking and more. Contact us for further details.
Desk phones, cordless phones or conference phones, Syn-Star can provide you with whatever you need.
From conference calling facilities to the headsets which work best for your team, we’re able to provide all the equipment you need and complete any telecoms job from start to finish.
There is no need to be in the office to make and receive phone calls from your company’s number. Our market-leading Telecoms platform gives you the flexibility of desk phones, soft phones and mobile apps as standard.
Whether your team works remotely, or perhaps staff are on a business trip anywhere in the world, calls can still be made, and people are reachable via phone wherever they go.
With a range of products, our team can support you by installing exactly what you need for internet connectivity. We work with the very best products to provide speedy bandwidths which play a part in the increased productivity of your team.
