October 28, 2009 | The Wall Street Journal

In July, Matt Blalock’s mind was on massage oils, soft robes and scented candles when he got a rude awakening.

An intruder had accessed a proprietary database of luxury items that Blalock’s fledgling 13-person e-commerce company, Tickle Industries LLC, was considering selling. At that moment, Blalock realized that far too many people, including data-entry clerks and temporary workers, knew the database’s single, shared password. The not-so-secret code? “Password.”

“It scared us. We became very conscious of what we were doing and the security of everything,” says Mr. Blalock, who immediately hired a local IT-services firm, at a cost of less than $5,000, to set up an access-control system. Now, employees must use strong passwords and change them monthly. “We thought it might happen again, but with something more important.”

Passwords are both vital and painful for small companies. A tiny firm’s data can be just as sensitive as that of a large company – and a breach of security just as damaging – but it typically has far less computer-security expertise and money to tackle the problem. Learning how to control insider and outsider access with good password practices is critical.
