Tag

Cybersecurity Best Practices

Provides actionable strategies and proven frameworks for strengthening your organization's security posture. Articles cover risk assessment, access controls, incident response planning, network segmentation, encryption standards, and policy development for businesses of all sizes.

posts

Shoulder Surfing Attack

Shoulder Surfing Attack: The Low-Tech Threat That Still Works

In 2023, a Ponemon Institute study sponsored by 3M found that 91% of visual hacking attempts — someone simply looking at a screen — were successful. No malware. No zero-day exploit. No phishing email. Just a person standing in the right place at the right time, reading credentials off someone else'

Carl B. Johnson Apr 20, 2025 7 min read
Cross-Site Scripting

Cross-Site Scripting Explained: A Practical Guide

In September 2024, a security researcher discovered a stored cross-site scripting vulnerability in a major email platform that allowed attackers to execute arbitrary JavaScript the moment a victim opened a crafted message. No clicks required beyond reading the email. The vulnerability sat unpatched for weeks. If you think XSS is

Carl B. Johnson Dec 10, 2024 8 min read
Computer Virus Prevention

Computer Virus Prevention: 9 Steps That Actually Work

In January 2024, a single employee at a mid-sized accounting firm double-clicked a file named Invoice_Final_v2.exe. Within 40 minutes, the LockBit ransomware variant had encrypted 14,000 files across three networked drives. The ransom demand was $2.2 million. The firm's antivirus was installed. It

Carl B. Johnson Jul 13, 2024 6 min read
Security for System

Security for System Hardening: A Practical Guide

In February 2024, a misconfigured system at Change Healthcare led to one of the most devastating ransomware attacks in U.S. healthcare history. The ALPHV/BlackCat group exploited a Citrix remote access portal that lacked multi-factor authentication — a basic security for system control that should have been in place years

Carl B. Johnson Jul 10, 2024 7 min read
Computer Security

Computer Security: What Actually Works in 2024

In February 2024, Change Healthcare — one of the largest health technology companies in the U.S. — got hit with a ransomware attack that disrupted pharmacies, hospitals, and insurance claims processing across the entire country. UnitedHealth Group confirmed the breach affected a substantial portion of the American population. The attack vector?

Carl B. Johnson Jul 10, 2024 7 min read
Phishing Prevention

How to Avoid Phishing Attacks: A Practical Guide

In January 2024, a finance employee at a multinational firm in Hong Kong wired $25.6 million to threat actors after joining a video call where every other participant — including the company's CFO — was a deepfake. The attackers had spent weeks studying publicly available video of those executives,

Carl B. Johnson May 02, 2024 7 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after joining a video call where every other participant — including the CFO — was a deepfake. The attackers had studied publicly available footage, cloned voices and faces, and orchestrated an elaborate social engineering attack that

Carl B. Johnson Apr 07, 2024 7 min read
Ransomware Attack Prevention

Ransomware Attack Prevention: A Practical Guide for 2024

In January 2024, Fulton County, Georgia — home to Atlanta — was crippled by a ransomware attack that knocked court systems offline, disrupted tax processing, and left residents unable to access basic government services for weeks. It wasn't an isolated event. The FBI's Internet Crime Complaint Center (IC3)

Carl B. Johnson Feb 28, 2024 8 min read
Multi-Factor Authentication

Multi-Factor Authentication Setup: A Practical Guide

In September 2023, MGM Resorts lost an estimated $100 million after a threat actor bypassed their security by socially engineering a helpdesk employee into resetting MFA credentials. Let that sink in. The company had multi-factor authentication. It still wasn't enough — because the multi-factor authentication setup and the processes

Carl B. Johnson Jan 20, 2024 7 min read