Tag

Cybersecurity Best Practices

Provides actionable strategies and proven frameworks for strengthening your organization's security posture. Articles cover risk assessment, access controls, incident response planning, network segmentation, encryption standards, and policy development for businesses of all sizes.

posts

Cybersecurity Best Practices

Cybersecurity Best Practices for Employees: A 2021 Guide

The Click That Cost One Company $46 Million In 2020, Ubiquiti Networks disclosed a breach that started with a single employee's compromised credentials. Attackers impersonated company executives, manipulated employees through social engineering, and walked away with $46.7 million in fraudulent wire transfers. The technology was fine. The

Carl B. Johnson Apr 02, 2021 8 min read
Password Manager Benefits

Password Manager Benefits: Why Pros Won't Work Without One

The Breach That Started With a Sticky Note In 2020, a senior employee at a Florida water treatment facility reportedly reused passwords across multiple systems — including the one controlling sodium hydroxide levels in the public water supply. That incident, disclosed in early February 2021, showed exactly how a single weak

Carl B. Johnson Jan 14, 2021 6 min read
Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

In December 2020, SolarWinds disclosed a supply chain compromise that shook the entire cybersecurity industry. But while the world was focused on nation-state threat actors, Verizon's 2020 Data Breach Investigations Report had already confirmed something far more common and just as devastating: over 80% of hacking-related breaches involved

Carl B. Johnson Jan 03, 2021 7 min read
Cyber Incident Response Steps

Cyber Incident Response Steps That Actually Work

When SolarWinds disclosed in December 2020 that threat actors had compromised their Orion software update mechanism — affecting up to 18,000 organizations including multiple U.S. government agencies — it became the most significant supply chain attack in modern history. The organizations that responded effectively didn't improvise. They followed

Carl B. Johnson Dec 20, 2020 7 min read
Insider Threat Awareness

Insider Threat Awareness: What Your Team Isn't Telling You

In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal credentials. Within hours, threat actors had hijacked 130 high-profile accounts — including those of Barack Obama, Elon Musk, and Apple — and used them to run a Bitcoin scam. The breach didn't start with a

Carl B. Johnson Dec 20, 2020 7 min read
Insider Threats

How to Prevent Insider Threats: A Practical Guide

In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal tool credentials. Within hours, threat actors had hijacked high-profile accounts — Barack Obama, Elon Musk, Apple — and ran a Bitcoin scam that netted over $100,000. The breach didn't start with a zero-day exploit

Carl B. Johnson Dec 20, 2020 7 min read
CISA Cybersecurity Guidelines

CISA Cybersecurity Guidelines: What They Mean for You

In January 2024, CISA issued Emergency Directive 24-01 after a nation-state threat actor compromised Microsoft's corporate email environment. Federal agencies scrambled to audit their own Microsoft tenants. The directive wasn't theoretical — it was an emergency response to a real breach affecting the backbone of government communications.

Carl B. Johnson Nov 04, 2020 7 min read
Cyber Hygiene

Cyber Hygiene Definition: What It Really Means in 2026

A Single Reused Password Cost One Company Everything In 2021, the Colonial Pipeline ransomware attack shut down fuel distribution across the U.S. East Coast. The entry point? A single compromised password on a legacy VPN account that lacked multi-factor authentication. That's not a sophisticated nation-state exploit. That&

Carl B. Johnson Sep 07, 2020 6 min read