Tag

Data Breach Prevention

Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.

posts

Shadow IT Risks

Shadow IT Risks: The Invisible Threat Draining Your Budget

A Marketing Team's Slack Alternative Nearly Took Down an Entire Hospital Network In 2023, a regional healthcare system discovered that its marketing department had been using an unapproved messaging platform for over 14 months. Nobody in IT knew. The platform stored patient-adjacent data with no encryption, no access

Carl B. Johnson Apr 16, 2026 5 min read
What Is Cybersecurity

What Is Cybersecurity? A Practitioner's Real-World Guide

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered a help desk employee with a ten-minute phone call. That single conversation gave attackers the keys to one of the largest hospitality companies on the planet. So when someone asks me what is

Carl B. Johnson Apr 15, 2026 5 min read
Mobile Device Security Policy

Mobile Device Security Policy: What Yours Is Missing

In 2023, Verizon's Data Breach Investigations Report found that 74% of all breaches involved the human element — and a growing percentage of those started on a mobile device. I've reviewed mobile device security policies for organizations of every size, and here's the uncomfortable truth:

Carl B. Johnson Apr 15, 2026 5 min read
VPN Best Practices

VPN Best Practices: What Actually Protects You in 2026

In early 2024, threat actors exploited critical vulnerabilities in Ivanti Connect Secure VPN appliances so aggressively that CISA issued an emergency directive ordering federal agencies to disconnect the devices entirely. Not patch them. Disconnect them. That moment should have been a wake-up call: having a VPN isn't enough.

Carl B. Johnson Apr 12, 2026 5 min read
Cybersecurity Training

How to Train Employees on Cybersecurity in 2026

The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered an IT help desk employee with a phone call that lasted about ten minutes. The attacker didn't exploit a zero-day vulnerability. They didn&

Carl B. Johnson Apr 11, 2026 5 min read
Password Manager

Why Use a Password Manager: The Case Is Overwhelming

The Breach That Started With "Company123!" In 2024, the credential stuffing attack against Roku compromised over 576,000 accounts. The attackers didn't exploit some exotic zero-day vulnerability. They used passwords stolen from other breaches and tried them against Roku accounts — because people reuse passwords everywhere. That

Carl B. Johnson Apr 10, 2026 6 min read
Password Manager

Why Use a Password Manager: Stop Reusing Passwords

The Breach That Started With One Reused Password In 2022, a single employee at LastPass reused credentials across personal and work accounts. A threat actor exploited that overlap, eventually compromising encrypted password vaults for millions of users. The irony — a password management company breached because of poor password hygiene — should

Carl B. Johnson Apr 08, 2026 5 min read