Tag

Data Breach Prevention

Explores strategies and best practices for preventing data breaches in organizations of all sizes. Covers topics like access controls, encryption, network monitoring, incident response planning, and employee awareness to help reduce the risk of unauthorized data exposure.

posts

Strong Password Examples

Strong Password Examples That Actually Stop Hackers

In 2023, a single reused password gave threat actors access to 23andMe's credential stuffing attack, ultimately exposing the genetic data of 6.9 million users. The attackers didn't exploit a zero-day vulnerability. They didn't deploy sophisticated malware. They simply tried known username-password combinations from

Carl B. Johnson May 20, 2026 5 min read
Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2026

One Click Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider called the MGM Resorts help desk, impersonated an employee found on LinkedIn, and convinced IT staff to reset credentials. The result: ten days of operational chaos, encrypted systems, and an estimated $100 million in

Carl B. Johnson May 20, 2026 5 min read
Computer Security Advice

Computer Security Advice That Actually Works in 2026

The Breach That Started With a Single Password In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attackers didn't exploit some exotic zero-day vulnerability. They used basic social engineering — information scraped from LinkedIn

Carl B. Johnson May 19, 2026 5 min read
Mobile Device Security Policy

Mobile Device Security Policy: What Most Orgs Get Wrong

A Single Phone Took Down an Entire Pipeline In 2021, a compromised password — likely harvested from a mobile device or reused across platforms — gave threat actors access to Colonial Pipeline's VPN. The result: fuel shortages across the Eastern United States, a $4.4 million ransom payment, and a

Carl B. Johnson May 18, 2026 6 min read
NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2026

When Colonial Pipeline paid $4.4 million in ransom after a single compromised password shut down fuel delivery across the Eastern Seaboard, it wasn't a failure of exotic technology. It was a failure of fundamentals — the exact fundamentals the NIST Cybersecurity Framework was designed to address. I'

Carl B. Johnson May 18, 2026 6 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

A Single Email Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million in a single business email compromise attack. The attacker didn't blast out a million generic emails. They researched one finance executive, crafted one convincing message, and walked away with the money. That&

Carl B. Johnson May 17, 2026 5 min read
Insider Threat Awareness

Insider Threat Awareness: What Most Companies Miss

The Threat Already Inside Your Network In 2023, Tesla disclosed that two former employees had leaked the personal data of more than 75,000 workers to a German news outlet. It wasn't a sophisticated hack. It wasn't a nation-state threat actor. It was people who already

Carl B. Johnson May 17, 2026 5 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

The Email That Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million in a single business email compromise attack. A threat actor impersonated a senior executive, convinced a finance employee to change wire transfer details, and the money vanished. That attack started with something deceptively simple

Carl B. Johnson May 15, 2026 5 min read
Zero Trust Security Model

Zero Trust Security Model: Why Perimeter Defense Is Dead

A Castle With No Walls Left to Defend In January 2024, Microsoft disclosed that the Russian threat actor Midnight Blizzard had compromised executive email accounts — not by breaching a firewall, but by password-spraying a legacy test tenant account that lacked multi-factor authentication. The attackers moved laterally for weeks before detection.

Carl B. Johnson May 15, 2026 5 min read