Practical advice on developing cybersecurity policies tailored for employees, including password management rules, data handling procedures, device usage standards, and incident reporting protocols. Helps organizations set clear expectations and reduce security vulnerabilities caused by staff actions.
posts
In March 2023, the FBI's Internet Crime Complaint Center reported that business email compromise alone cost organizations $2.7 billion in 2022 — and the vast majority of those losses started with a single employee clicking, replying, or trusting the wrong message. I've reviewed dozens of incident
In December 2020, a SolarWinds employee reportedly used the password "solarwinds123" on a critical server. That single credential failure contributed to one of the most devastating supply chain breaches in modern history, compromising at least nine federal agencies and over 100 private companies. The root cause wasn'
In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee using information scraped from LinkedIn. One phone call. One employee without clear verification protocols. That's all it took to shut down slot machines, hotel key cards, and reservation systems across
In 2023, MGM Resorts lost roughly $100 million after a threat actor social-engineered their way past an IT help desk employee — with a single phone call. The attacker didn't exploit a zero-day vulnerability. They didn't brute-force a password. They just talked their way in. And the
