There’s really nothing worse than getting hacked and leaking your company and/or client passwords to unscrupulous cybercriminals to do what they wish with. At the company level, you’re immediately put into panic mode, frantically trying to change all your passwords before the hacker can lock you out of your accounts and steal invaluable data.

On the customer level, it’s really hard for a small or medium-sized enterprise to recover, branding-wise, from a password hack and its fallout: customers losing access to their accounts, having their personal and financial data stolen, and the lawsuits they’re likely to throw at you after the fact. If you’re running an online platform such as a SaaS or ecommerce store, data security is your responsibility when sensitive info is being stored.

Data security against account takeover

Following are 6 tips to help protect you from having your online accounts hacked and taken over.

1. Monitor your data

If a password exploit does occur, you’ll never know until it’s too late. Tools like the dark web email API from SpyCloud and similar deep-web scanning tools can save you a lot of aggravation and time. Their API uses human intelligence and automated AI scanning tools to discover password exploits, often months before hackers can get a lock on them, then informs you of ways to lock that data down.

They can be integrated into any online accounts and will impose strict password-setting and resetting rules to ensure exploits aren’t even part of the picture for you and your customers.

2. Use complex passwords that don’t make any sense

In other words, don’t use your daughter’s name followed by her birthday (e.g., “Sarah12131999”). Hackers are good, but even a crappy hacker can come up with 10 or 20 good guesses as to what your password might be by running a cursory search of you and your family online. If you’re on social media, chances are they can sniff out your dog’s and kitty cat’s names, too!

Use passwords of at least 12-ish characters, with multiple letters, a mix of caps and non-caps, and symbols that don’t form any sort of sensible pattern (e.g., “xL_9^t2HQ=\6EE”). Learn more about making NASA-proof passwords here.
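A check for the rules in this tip, as an added example that is not part of the original article: it flags passwords that are too short, lack mixed case or symbols, or contain names and dates someone could find online. The function names and the sample name and birth date are assumptions constructed for illustration.

```python
import string

MIN_LENGTH = 12  # the tip's "12-ish" minimum


def personal_tokens(names, dates):
    """Lowercase substrings guessable from public info.

    names: strings (family members, pets); dates: (year, month, day) tuples.
    """
    tokens = {n.lower() for n in names if len(n) >= 3}
    for y, m, d in dates:
        yyyy, yy, mm, dd = f"{y:04d}", f"{y % 100:02d}", f"{m:02d}", f"{d:02d}"
        # Common ways a birthday ends up inside a password.
        tokens |= {yyyy, mm + dd, mm + dd + yyyy, dd + mm + yyyy,
                   yyyy + mm + dd, mm + dd + yy, dd + mm + yy}
    return tokens


def check_password(password, names=(), dates=()):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        problems.append("needs upper and lower case")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a symbol")
    lowered = password.lower()
    hits = sorted(t for t in personal_tokens(names, dates) if t in lowered)
    if hits:
        problems.append("contains personal info: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample profile matching the article's weak example.
    names, dates = ["Sarah"], [(1999, 12, 13)]
    for candidate in ("Sarah12131999", r"xL_9^t2HQ=\6EE"):
        print(candidate, "->", check_password(candidate, names, dates) or "ok")
```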

3. Never use the same password on any two sites or accounts

This might seem like overkill given the complexity of the password design listed in the last tip. Maybe it is, but how sensitive is your data? What about your customers?

If either of you is using a platform where payment info, sensitive business data, or information that can be used to steal one’s identity is stored, you can’t get lazy. Plus, if one source is hacked, and you use the same password over multiple accounts, all your online and locally-stored data are immediately put at risk.

4. Change passwords often

Not much to tell you here that you don’t know already. Keep in mind that the new password should be as complex as the last. The more often you and your clients change passwords, the less chance a hacker can zero in on your data. Set a script to run on the client’s end, prompting them to change their password at least once a month.

5. Use two-factor authentication

Two-factor authentication can be a real pain in the butt, especially when it doesn’t work very well (are you listening, eBay?). However, even if it takes a text message or three to finally get a code that logs you into your account, this is an added level of security you and your clients can use to ensure you’re never hacked. Without your phone in their possession, your passwords are useless to hackers.

Speaking of phones, make sure you’re using a recent phone equipped with biometrics and voice recognition, so thieves can’t gain access to your phone’s data using your password.

6. Use a reputable password manager

Storing your passwords on an encrypted flash-drive in a text file is a really smart idea, but you run the risk of not having them when you need them.

Password managers save you dozens of hours of manually typing passwords into online accounts over the course of a year. Password managers like LastPass, Dashlane, and others work really well, and have the smartest hackers on the planet keeping their encryption near impossible to hack. They offer limitless password storage, and make changing passwords often very simple with one-click password generators.


Follow these rather simple tips for protecting passwords and the data they hold access to, and it’s safe to say you’re doing everything you can to prevent data and identity theft online.