Using weak passwords is a significant security risk. But reusing passwords is probably even worse, especially if you use the same one on a personal account as you do on a business-related account.
Recently, yet another vast breach was announced at https://haveibeenpwned.com/ containing over 700 million email addresses and passwords. You can check if any of your email addresses are included in this list at the site above.
You can also check if a password you currently use is on a list at https://haveibeenpwned.com/Passwords - if it is, I suggest you change it on the site where you use it. And if you use it on more than one site, for goodness' sake change them all to different passwords.
The reason is that all an attacker has to do is try logging in to other websites with the same usernames and passwords they found in the data breach. Because so many people still reuse passwords, it won’t take long to find a match. Facebook is a wonderful source of information, as so much personal data is revealed there.
They are after accounts for Netflix, Amazon, Facebook, email, banking, mortgage, medical records, you name it. Then they can turn around and sell whatever they’ve found: a credit card number, or an active Netflix account, or even an identity.
The purchasers of this information can then use it to set up credit cards in your name, take out loans, use your Netflix account to pay for other people; the list is endless.
From a business point of view, weak passwords and password reuse leave you wide open for a data breach of your very own. And barely a leg to stand on once the ICO get involved!
So, make sure all staff are aware of the dangers, institute passphrase policies for all logins sooner rather than later, and consider a password manager such as LastPass or 1Password.