Passwords are the key to your digital kingdom. Passwords, also known as “credentials,” provide the user with access to all information and data that the user has been authorized to access, whether in a personal or professional capacity. It is one thing to have a weak password for your personal accounts, but quite another to have a weak password for access to your employer’s data. If threat actors get ahold of your password, personally or professionally, you have given them the keys to the kingdom, and the damage can be devastating.

Take the story of KNP Logistics Group, a logistics company located in the United Kingdom that supported 500 trucks across the country. As of June of 2025, KNP had been in business for 158 years.

In June of 2025, KNP was the victim of a ransomware attack by the Akira group after they “guessed an employee’s weak password.” How did it happen? “Akira targeted the company’s internet-facing systems, found an employee credential without multi-factor authentication, and guessed the password. Once inside, they deployed their ransomware payload across the company’s entire digital infrastructure.”

But Akira didn’t stop there in its efforts to destroy KNP. “They also destroyed KNP’s backups and disaster recovery systems, ensuring that the company had no path to recovery without paying their ransom. The criminals demanded an estimated £5 million—money the transport company didn’t have.”

So, what happened? KNP shut its doors and went out of business after 158 years.

Why is there so much emphasis on changing passwords, not sharing passwords, not reusing passwords, having strong passwords, and not putting passwords into an email, text, or over the phone when asked? Because that’s how threat actors get into the system, lock it down, make recovery very difficult, and extort the victim.

Small companies are at higher risk than large companies for these attacks. Some scary statistics for small companies include:

  • 82% of ransomware attacks in 2021 were against companies with fewer than 1,000 employees;
  • Small businesses receive the highest rate of targeted malicious emails;
  • Employees of small businesses experience 350% more social engineering attacks than those at larger enterprises;
  • In 2020, there were over 700,000 attacks against small businesses, totaling $2.8 billion in damages;
  • 75% of small to medium businesses could not continue operating if they were hit with ransomware; and
  • 60% of small businesses go out of business after being hit with a ransomware attack.

These are very grim statistics, and outcomes like these can be caused by one weak password. The tip for this week is to practice good password/credential hygiene: keep credentials safe and secure, use complex passwords, don’t share them, don’t reuse them across different platforms, change them immediately if they are compromised, and periodically check the website Have I Been Pwned.