Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Insider Threats

How to Prevent Insider Threats: A Practical Guide

In May 2022, a Yahoo research scientist named Qian Sang downloaded roughly 570,000 pages of proprietary source code to his personal devices — minutes after receiving a job offer from a competitor. Yahoo's internal systems flagged it, but only after the data had already left. That incident is

Carl B. Johnson Jun 12, 2025 7 min read
Insider Threats

Malicious Insider vs Negligent Insider: Real Threats

One Clicked a Link. The Other Sold the Data. Both Cost Millions. In 2023, Tesla disclosed that two former employees had leaked the personal information of over 75,000 people — including Social Security numbers — to a foreign media outlet. That same year, the Verizon 2023 Data Breach Investigations Report confirmed

Carl B. Johnson Jun 12, 2025 7 min read
Work From Home Cybersecurity

Work From Home Cybersecurity: A 2025 Survival Guide

In March 2024, a single remote employee at a midsize financial firm clicked a link in what looked like a Microsoft Teams notification. Within 72 hours, a threat actor had moved laterally across the company's network, exfiltrated 1.2 million customer records, and deployed ransomware that locked every

Carl B. Johnson May 25, 2025 7 min read
Cybersecurity for Healthcare

Cybersecurity for Healthcare Organizations: A 2025 Guide

In February 2024, a ransomware attack on Change Healthcare — one of the largest health payment processors in the United States — disrupted claims processing for hospitals, pharmacies, and clinics across the country for weeks. UnitedHealth Group, its parent company, later confirmed that the personal health information of roughly 100 million individuals

Carl B. Johnson May 10, 2025 8 min read
Cybersecurity for Nonprofits

Cybersecurity for Nonprofits: A Practical Defense Guide

The Breach That Cost a Charity Its Reputation — and Its Donors In 2023, the nonprofit organization Save the Children Federation confirmed it was hit by the BianLian ransomware group, which claimed to have stolen nearly 7 GB of data including financial records, personal information, and medical data. A global charity

Carl B. Johnson Apr 22, 2025 7 min read
Cloud Storage Security Risks

Cloud Storage Security Risks: What's Actually Exposing You

The Misconfigured Bucket That Exposed 540 Million Records In 2019, researchers at UpGuard discovered that Facebook user data — over 540 million records — sat exposed on misconfigured Amazon S3 buckets maintained by third-party app developers. Nobody hacked anything. Nobody exploited a zero-day. The data was simply left open to the public

Carl B. Johnson Apr 22, 2025 8 min read
Securing Employee Mobile Devices

Securing Employee Mobile Devices: A 2025 Field Guide

The Text Message That Cost One Company $40 Million In 2024, a sophisticated smishing campaign targeted employees at several major financial institutions. Threat actors sent SMS messages impersonating IT support, directing staff to fake login portals that harvested credentials and multi-factor authentication tokens. The attackers then used those stolen credentials

Carl B. Johnson Apr 20, 2025 7 min read