Tag

Cybersecurity Best Practices

Provides actionable strategies and proven frameworks for strengthening your organization's security posture. Articles cover risk assessment, access controls, incident response planning, network segmentation, encryption standards, and policy development for businesses of all sizes.

posts

Ransomware Protection

Ransomware Protection Tips That Actually Work in 2022

Colonial Pipeline paid $4.4 million in ransom in May 2021. Within months, JBS Foods handed over $11 million. Kaseya's supply chain attack hit over 1,500 businesses in a single weekend. And those are just the ones that made headlines. The FBI's Internet Crime Complaint

Carl B. Johnson Mar 18, 2022 7 min read
Password Manager

Why Use a Password Manager: A Security Pro's Take

In January 2022, the Red Cross disclosed a cyberattack that compromised personal data of over 515,000 vulnerable people. The attack exploited unpatched vulnerabilities — but the investigation also revealed compromised credentials as a contributing factor. It's a pattern I see constantly. And every time it happens, I get

Carl B. Johnson Feb 15, 2022 7 min read
Insider Threats

How to Prevent Insider Threats: A Practical Guide

In December 2020, a former Cisco employee pleaded guilty to accessing the company's cloud infrastructure and deleting 456 virtual machines, wiping out 16,000 Webex Teams accounts. He'd left the company months earlier. His credentials still worked. That single insider incident cost Cisco roughly $2.4

Carl B. Johnson Jan 15, 2022 6 min read
Cyber Hygiene Checklist

Cyber Hygiene Checklist: 12 Steps That Actually Work

When Colonial Pipeline paid $4.4 million in ransom in May 2021, investigators traced the initial compromise back to a single compromised VPN credential — one that didn't have multi-factor authentication enabled. That's not a sophisticated nation-state exploit. That's a basic hygiene failure. And it

Carl B. Johnson Nov 28, 2021 6 min read
Cybersecurity Tips

Cybersecurity Tips That Actually Stop Breaches in 2021

Colonial Pipeline. SolarWinds. The Microsoft Exchange Server hack. We're barely halfway through 2021, and the breach headlines already read like a disaster film. Each one of these incidents started with something preventable — a compromised password, an unpatched system, a single employee who clicked the wrong link. The cybersecurity

Carl B. Johnson Jun 03, 2021 6 min read
Phishing Awareness Training

Phishing Awareness Training: What Actually Works in 2021

On May 7, 2021 — less than a week ago — Colonial Pipeline shut down 5,500 miles of fuel infrastructure after a ransomware attack that started with a single compromised credential. One password. No multi-factor authentication. An entire region's fuel supply disrupted. This is the kind of incident that

Carl B. Johnson May 13, 2021 7 min read
Phishing Simulation Training

Phishing Simulation Training: Why 97% of Users Fail

In March 2021, a single phishing email led to a credential theft incident at a mid-size manufacturing firm in Ohio. The attacker impersonated the CEO, asked the controller to update direct deposit information, and walked away with $1.7 million. The email had two typos, a slightly wrong domain, and

Carl B. Johnson May 04, 2021 7 min read
Phishing Prevention

How to Avoid Phishing Attacks: A Practical Guide

In December 2020, the Treasury Department and the Department of Commerce confirmed they'd been breached through a supply chain attack that started, in part, with carefully crafted phishing emails targeting key personnel. If federal agencies with dedicated security teams can get caught, your organization isn't immune

Carl B. Johnson Apr 15, 2021 7 min read