Tag

Multi-Factor Authentication

Posts tagged with multi-factor authentication explain how layered identity verification strengthens access security. Coverage includes MFA implementation strategies, authenticator app comparisons, hardware token options, and best practices for deploying MFA across enterprise environments.

posts

Securing Remote Employees

Securing Remote Employees: A Practical Guide for 2022

In July 2021, a ransomware attack on Kaseya's VSA software cascaded through managed service providers and hit up to 1,500 businesses — many of them small companies with remote workers connecting through poorly secured endpoints. The REvil gang demanded $70 million. That single incident crystallized what I'

Carl B. Johnson Jan 15, 2022 8 min read
VPN Best Practices

VPN Best Practices: What Actually Protects You in 2022

The Pulse Secure Breach Should Have Been Your Wake-Up Call In April 2021, CISA issued an emergency directive after threat actors exploited vulnerabilities in Pulse Connect Secure VPN appliances to compromise federal agencies and defense contractors. Attackers maintained persistent access for months before anyone noticed. The tool that was supposed

Carl B. Johnson Jan 06, 2022 7 min read
Cloud Security Best Practices

Cloud Security Best Practices That Actually Stop Breaches

A Single Checkbox Left Unchecked Cost Capital One $80 Million In 2019, a former AWS employee exploited a misconfigured web application firewall to access over 100 million Capital One customer records. The breach led to an FTC investigation, an $80 million fine from the OCC, and a $190 million class-action

Carl B. Johnson Jan 01, 2022 7 min read
Securing Cloud Applications

Securing Cloud Applications: A Practical 2021 Guide

The Misconfiguration That Exposed 3.8 Billion Records In June 2021, researchers discovered an unsecured Elasticsearch instance containing 3.8 billion records — names, emails, phone numbers, and social media profiles compiled from scraped and breached data. It sat wide open on the internet. No password. No access controls. Just a

Carl B. Johnson Dec 23, 2021 7 min read
Cyber Hygiene Checklist

Cyber Hygiene Checklist: 12 Steps That Actually Work

When Colonial Pipeline paid $4.4 million in ransom in May 2021, investigators traced the initial compromise back to a single compromised VPN credential — one that didn't have multi-factor authentication enabled. That's not a sophisticated nation-state exploit. That's a basic hygiene failure. And it

Carl B. Johnson Nov 28, 2021 6 min read
Multi-Factor Authentication

Authenticator App vs SMS Verification: Which Is Safer?

In February 2021, T-Mobile disclosed a data breach that exposed customer phone numbers and SIM information. That same month, the FBI's Internet Crime Complaint Center continued logging a surge in SIM swap complaints — a threat that directly undermines SMS-based two-factor authentication. If your organization still relies on text

Carl B. Johnson Sep 16, 2021 7 min read