While business leaders at SMBs and other organizations may feel that they are doing more than ever to protect their organizations from cyberattacks, the unfortunate reality is that we may need to do better. According to a new report by cybersecurity firm LastPass, there remain significant gaps in our efforts to protect ourselves from the latest threats.

One particular area that users need to improve is password hygiene. According to the report, 62 percent of those professionals surveyed almost always or primarily used the same or similar variation of a password. This is just one example of a bad practice that can make it easier for an attacker to compromise an account — or even an entire organization. These results are concerning, as they may indicate that an SMB is not as secure as it might think.

Why is strong password hygiene important? According to the Verizon Data Breach Investigations Report, an estimated 80 percent of data breaches result from compromised login credentials, something that poor password best practices among other factors, can cause. By correcting this vector of an attack, an SMB can perhaps lower the likelihood that it will be the victim of this most common type of attack.

What is particularly concerning from the report is that education does not seem to be making an impact. In fact, 89 percent of those surveyed acknowledged that repeating passwords across multiple accounts is not a best practice and could be risky to the organization. Gen Z professionals were particularly prone to using the same password across multiple accounts, with 69 percent admitting to the practice (compared to 66 percent of Millennials).

What can an SMB do to correct this behavior? The good news is that there are many things. One of the first things an IT leader can do is to educate users on the importance of strong password best practices and what those best practices are. These best practices can include creating strong, complex passwords and creating unique ones for each account. While this is a crucial step, the survey did note that 65 percent of those surveyed had some form of cybersecurity education yet still needed to follow proper guidelines.

In addition, an SMB can also offer tools and technologies to make leveraging password best practices easier. For instance, IT leaders can offer password managers to securely store strong passwords and set policies and reminders for users to update passwords for sensitive accounts regularly. An SMB can encourage its teams to follow best practices by making it as easy as possible.

As cyberattacks continue to rise worldwide, it is more important than ever for an SMB to consider how it can incorporate best practices for cybersecurity across the organization — especially when it comes to one of the most common vectors of attack. By closing this gap, an SMB IT leader can go a long way toward reducing the organization’s overall risk of attack.