Explores the intersection of acceptable use policies and cybersecurity strategy. Covers how well-crafted AUPs prevent data breaches, mitigate insider threats, define boundaries for device and network usage, and support broader organizational security frameworks.
posts
In 2023, a single employee at MGM Resorts used a corporate credential to respond to a social engineering call. The threat actor impersonated IT, gained access, and triggered a ransomware attack that cost the company over $100 million. The kicker? A well-enforced acceptable use policy — one that clearly defined how
In 2022, a single employee at Uber received a flood of multi-factor authentication push notifications, got frustrated, and approved one. That decision gave a teenage threat actor access to Uber's internal systems, Slack, and cloud infrastructure. An acceptable use policy cybersecurity framework — one that specifically addressed MFA fatigue
The Policy Nobody Reads Until It's Too Late In December 2020, a SolarWinds employee reportedly used the password "solarwinds123" on a critical server — a credential so weak it became a punchline at Congressional hearings. But here's the question nobody asked loudly enough: did SolarWinds
The Policy Nobody Reads Until It's Too Late In 2023, a single employee at MGM Resorts called the help desk, and a threat actor used social engineering to gain access that led to a $100 million hit on operations. One phone call. No malware exploit. No zero-day vulnerability.
The Policy Gathering Dust in Your Shared Drive In 2023, the city of Dallas was hit by a Royal ransomware attack that crippled municipal services for weeks. Investigators traced the initial access back to a service account and poor access controls — exactly the kind of risk a well-enforced acceptable use
