Thanks for your replies.
I am no longer in control of the server, ie I cannot ftp or access the cpanel.
The password is fairly weak, but as I am doing this as a favour to a friend, its not something that I set. I will advise him to create stronger passwords in future.
I use a mac, and do not have anti-virus software installed. Should I invest in some. I'm pretty sure I'm virus free, but can my mac carry viruses that can infect PCs?
@eldad, in your reply you mention step 4 - add a security layer to your web site to protect you form hacks. Can you be more specific. What do you mean exactly by a security layer?
I have the site backed up locally. Do you advice i use a different hosting company altogether?