The Password Mistakes That Almost Everyone Still Makes

I roll my eyes whenever I receive an annoying email or text that says, “You have not changed your password in a while. Would you like to change it now?” It seems like I get one at least every other week. Sometimes they’re fake, so I have to double-check the source.

In truth, password reminders do need to be taken seriously. Sadly, I’m probably as guilty as anyone and don’t stick to security rules well enough.

Cybersecurity has become far more than just an IT issue. I’m reminded of what Sonny Corleone said in The Godfather: “Tom, this is business. This man is taking it very, very personal.” Business and personal worlds have collided in today’s hyper-connected environment. Every email account, banking app, customer database, and cloud platform represents a potential entry point for hackers.

Companies are investing more than ever in firewalls and advanced threat detection. However, one of the most critical vulnerabilities remains ridiculously simple: weak or outdated passwords.

Chris Pirillo, tech expert and founder/former CEO of LockerGnome, famously said, “Passwords are like underwear. Don’t let people see them. Change them very often, and you shouldn’t share them with strangers.”

While humorous, the message underscores a serious reality. Password maintenance is foundational to your digital security.

Passwords are the literal front door. Whether you’re protecting personal financial information or sensitive business data, compromised passwords have damaging consequences. Identity theft, financial loss, and reputational or operational disruption are just a few of the risks.

Avoid These Habits

One of the most common mistakes people make is using overly simple, easy-to-remember passwords.

I’m always surprised that people believe names, birthdays, 123456, or password are reliable security. In reality, they’re the first combinations hackers attempt. I know some who think just changing the ‘a’ to ‘@’ covers them, such as p@ssword. Or that using p@$$word is any better.

Security expert Bruce Schneier notes, “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.”

In other words, even the most advanced systems can be compromised by poor password practices.

We also unknowingly give hackers clues through social media. Platforms like Facebook, LinkedIn, and Instagram are proverbial hunting grounds for personal information. Birthdays, pet names, children’s names, favorite sports teams, anniversary dates, and even your high school can be shared or pieced together over time.

These details are exactly what many people use when creating passwords and answering security questions.

Equally problematic is password reuse. Many of us use the same password across multiple accounts. This creates a domino effect. If one account is compromised, others can quickly follow. A single data breach on a less secure website can give attackers access to email, banking, or corporate systems.

Don’t Be Fooled

One thing I implore you to do is never put any financial information in an email, even to those you trust.

That means no banking or credit card information. They may not put it to bad use, but hackers certainly will. Emailing routing and account numbers is an invitation for trouble. If you can’t enter that kind of information directly into a trusted, secure payment website, call the vendor rather than emailing it.

Also, do not include your social security number in emails.

Former hacker turned IT consultant Kevin Mitnick was once one of the FBI’s most wanted hackers.

He warned, “Companies spend millions of dollars on firewalls, encryption and secure access devices. It’s money wasted because none of these measures address the weakest link in the security chain.”

That weakest link is most often human behavior. It’s all about what we share, reuse, and overlook.

Hackers don’t just check out online profiles; they study them. These insidious actors comb through your posts, photos, and comments. Even old, outdated content can build a profile of who you are. Think about this. A simple birthday post can reveal a name and an age. That photo of your dog with its name in the caption becomes another common password clue.

A post as innocuous as referencing your first car or as benign as your favorite vacation spot can provide answers to common security questions.

So, never use anything you have posted on social media as even a portion of your passwords.

All of this is why strong password practices are essential.

Be Vigilant

Strong passwords are typically 12 to 16 characters and include uppercase and lowercase letters, numbers, and special characters. Most importantly, they should be unrelated to any personal information and unique for every account. Password managers can securely store and generate complex passwords. They also remove the burden of memorization.

I also use a password app that stores my passwords. It is extremely secure with its own complex password. In addition, I use multi-factor authentication (MFA), which enhances password security by requiring at least two verification methods. That could be a password and a mobile code, making unauthorized access much harder. I also like using face or fingerprint verification.

However, creating strong passwords is only part of the equation. Changing your passwords on a regular basis adds another layer of protection.

Even the most secure password can become vulnerable over time, especially if it has been unknowingly exposed in a data breach. Try to keep track of all accounts for any app you have created over the years. I personally discovered several accounts I don’t even remember creating for apps that I haven’t used in years.

You should delete those accounts before you delete the apps.

Business Approach

For businesses, the risk is even greater and the stakes are higher. A single employee login can provide access to entire networks, sensitive client data, and proprietary information. We’ve all seen what has happened to broadcast and related service companies. When their systems were compromised, it led to costly downtime, legal liability, and a loss of customer trust that can take years, and significant expense, to rebuild.

In the end, cybersecurity doesn’t always require complex solutions.

As Kevin Mitnick also put it, “The human factor is truly security’s weakest link.” Strengthening that link through smarter password habits, increased awareness, and more cautious social media use is among the most effective ways to protect both you and your data.

You may not think about it often, but hackers spend all day doing little else.

Barrett Media produces daily content on the music, news, and sports media industries. Sign up for our newsletters to stay updated and get the latest information right in your inbox.
