Tag

Cybersecurity Tips

Actionable cybersecurity tips for individuals and organizations looking to strengthen their digital defenses. Topics range from password management and multi-factor authentication to device security, safe browsing habits, and incident response planning.

posts

Cybersecurity Tips

Cybersecurity Tips That Actually Stop Breaches in 2024

In February 2024, Change Healthcare — one of the largest health payment processors in the United States — was brought to its knees by a ransomware attack. Patient data for potentially tens of millions of Americans was exposed. The initial access vector? Stolen credentials on a system that lacked multi-factor authentication. One

Carl B. Johnson Jul 10, 2024 7 min read
Phishing

How to Spot a Phishing Email: 9 Red Flags That Matter

In March 2022, the Lapsus$ threat actor group breached Okta — a company literally in the business of identity security — by compromising a single employee through a social engineering campaign that started with phishing. If it can happen to an identity provider securing thousands of enterprises, it can happen to your

Carl B. Johnson Jan 09, 2023 8 min read
Fake Emails

Fake Emails: How to Spot Them Before They Cost You

The $2.4 Billion Problem Sitting in Your Inbox In 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — a category driven almost entirely by fake emails — accounted for nearly $2.4 billion in adjusted losses. That made it the single costliest cybercrime type reported.

Carl B. Johnson Sep 22, 2022 7 min read
Cybersecurity Tips

Cybersecurity Tips That Actually Stop Breaches in 2022

In March 2022, Okta confirmed that the Lapsus$ threat actor group had accessed an internal support engineer's laptop — and the fallout rippled across the entire identity management industry. The breach didn't start with a sophisticated zero-day exploit. It started with compromised credentials. That single detail tells

Carl B. Johnson Aug 11, 2022 7 min read
Social Engineering

How to Spot Social Engineering Before It Costs You

In March 2022, the Lapsus$ threat actor group breached Okta by socially engineering a third-party support contractor. No malware. No zero-day exploit. Just a human being who got manipulated. The breach potentially affected hundreds of Okta's enterprise customers, and it started with the simplest attack vector there is

Carl B. Johnson Apr 04, 2022 7 min read
Phishing Awareness

How to Spot a Phishing Email Before It Costs You

In July 2021, a single phishing email gave attackers access to an employee's credentials at a Florida managed service provider, which cascaded into the massive Kaseya VSA ransomware attack affecting up to 1,500 businesses worldwide. One click. One employee who didn't know how to spot

Carl B. Johnson Aug 31, 2021 8 min read
Fake Email

Fake Email: How to Spot, Stop, and Survive One

A Single Fake Email Cost Facebook and Google $120 Million Between 2013 and 2015, a Lithuanian man named Evaldas Rimasauskas sent a series of fake email messages to employees at Facebook and Google. He impersonated a legitimate hardware vendor, complete with forged invoices and contracts. By the time both companies

Carl B. Johnson Aug 31, 2021 7 min read
Fake Mail

Fake Mail: How to Spot and Stop Phishing Attacks

91% of Cyberattacks Start With Fake Mail That's not a guess. The Verizon 2021 Data Breach Investigations Report confirmed that phishing was present in 36% of breaches — up from 25% the year before. And when you broaden the lens to include all forms of social engineering delivered through

Carl B. Johnson Aug 18, 2021 7 min read
Fake Emails

Fake Emails: How to Spot Them Before They Cost You

In March 2021, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — the sophisticated cousin of fake emails — caused over $1.8 billion in losses during 2020 alone. That made it the costliest category of cybercrime they tracked. Not ransomware. Not credit card fraud. Fake emails

Carl B. Johnson Aug 15, 2021 7 min read
Cybersecurity Tips

Cybersecurity Tips That Actually Stop Breaches in 2021

Colonial Pipeline. SolarWinds. The Microsoft Exchange Server hack. We're barely halfway through 2021, and the breach headlines already read like a disaster film. Each one of these incidents started with something preventable — a compromised password, an unpatched system, a single employee who clicked the wrong link. The cybersecurity

Carl B. Johnson Jun 03, 2021 6 min read