top of page

Financial and Property Sector - how secure are your passwords?

Updated: Jul 1, 2023

Cybersecurity is a growing concern across all industries, and the financial and property sectors are no exception. With the increasing reliance on technology, these industries are becoming more vulnerable to cyber-attacks, which can have devastating consequences.

looking up at city buildings

54% of finance and insurance firms and 47% of admin/real estate firms have identified breaches or attacks in the last 12 months

Cyber Security Breaches Survey 2022


Cybercrime is now the biggest economic threat in the global economy – it’s cheap and easy to carry out and really hard to catch the people doing it. Couple that with remote working, poor cyber hygiene and a post pandemic business model for many that is tied to online trade, and you have created the perfect storm.


A successful attack will cause reputational damage, financial implications, and a massive disruption to how those in the financial and property sector operate.


So how safe are our company’s passwords?

A good password is one that is complex and difficult to guess, with a combination of uppercase and lowercase letters, numbers, and special characters. Such passwords are harder for hackers to crack using brute force methods, which involve trying millions of combinations of characters until they find the right one.


The below graphic represents the time to brute force a password using current technological capabilities.

brute force password table

It is vital that companies in the financial and property sector prioritize the use of strong passwords and implement strict password policies to ensure the security of their systems.


An ongoing issue is that the more complex the password the more difficult it is to remember - and with the general lack of uptake around password managers the NCSC guidance continues to encourage staff to use three random words as a password instead. Find out more here.


Multi Factor Authentication

Two Step Verification (2SV) and Multi Factor Authentication (MFA) play a vital role in safeguarding your systems, accounts, and devices. They offer an extra layer of protection by utilizing two or more methods to verify your identity.


Even with strong passwords, if someone gets hold of your password, the security of your system is compromised. However, by implementing 2SV or MFA, cybercriminals cannot gain access simply by cracking your password. They would also need your fingerprint, Face ID, or your mobile phone to authorize a login attempt using a mobile authenticator app.

picture of a lock and fingerprint

So how can you make sure their passwords are strong and safe?

The following 10 steps will need to be led from the CEO and senior management team and will need to be done in conjunction with any in house or outsourced IT support.

  1. See what passwords you and your staff have which are already known. Why not run a poll to see who has the most/least breaches? Haveibeenpwned.com is a website where you can enter your email address, telephone number, and see if your information has been captured in a data breach. As a business owner you can also register your domain and get notified when your domain pops up in another breach.

  2. Have a clear password policy for staff and tell them why having strong, unique passwords are essential. If you need help with this, our affordable student services offer security awareness training. Why don’t you make a booking to discuss further?

  3. Enable Two Factor Authorisation wherever you can, but especially on your emails and social media accounts.

  4. Be wary of public wi-fi, and do not use it to log onto secure sites. Having your cybersecurity and data compliance policy clarify this is paramount.

  5. Never log onto secure sites through following a link in an email (common phishing fraud).

  6. Only use remember password facilities on personal computers where you trust any other users.

  7. Check if a domain is secure. You’re looking for https:// or a small, locked padlock symbol at the beginning of a website’s URL - this indicates the site is using a secure link.

  8. Don’t enter passwords where someone may be able to see you typing.

  9. Never send passwords by email.

  10. Never share passwords or leave them written down next to your computer or in an easily found place, consider getting an enterprise password manager so they only have to remember one and the password manager generates and remembers the rest – goodbye reused passwords.

What next?

Here at the centre, we would advise you to do three things now

  1. Join our growing community by signing up to free core membership . You will be supported through implementing the changes you need to make to protect your business and your customers.

  2. For small and medium sized businesses in the Eastern region we would recommend that you look at improving you overall cyber resilience through the free Little Steps pathway we provide to Cyber Essentials – the basic government backed kite mark standard for cyber security. Join the centre as a free member and we will take you as far as the CE accreditation process. And if you want to pay for the assessment, we can refer you one of our Trusted Partners – all regionally based cyber security companies that can help you become accredited. Certification provides free cyber insurance and 99% protection either fully or partially from today’s common cyber-attacks.

  3. We would also recommend that you speak to your Managed Service Provider and / or website company to discuss how they can implement cyber resilience measures on your behalf.

Once you’re signed up you can access affordable cyber services carried out by our students which can help ID vulnerabilities and help protect your company from scammers and criminals. Contact us now to find out more.


Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.


Reporting a cyber-attack which isn't ongoing.

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.


Policing led - business focused


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page