Background
This isn't about technical password policy. It's about whether one weak login could unlock the whole business.
Questions to ask yourself
- Are important accounts protected by multi-factor authentication?
- Are passwords reused across systems?
- Are admin passwords known by too many people?
- Are passwords written down, emailed, or saved in documents?
- Are old supplier or contractor passwords still active?
What you can do today
Stop the highest-risk breach today
Three actions that take an hour.
- 01 Turn on MFA for every admin account in Microsoft 365 / Google Workspace. Admins only, today.
- 02 Run your director-level email addresses through haveibeenpwned.com.
- 03 Get a real password manager: 1Password, Bitwarden, or Dashlane all have business tiers under £5/user/month.