Tag

Phishing Awareness

Phishing awareness articles teach readers to identify and avoid phishing attacks across email, SMS, voice calls, and social media. Content includes real-world phishing examples, red flags to watch for, reporting procedures, and tips for running phishing simulation campaigns.

posts

Cybersecurity for Law Firms

Cybersecurity for Law Firms: A Practical Defense Guide

Why Threat Actors Love Targeting Law Firms In February 2021, the law firm Jones Day confirmed that hackers had stolen confidential client data through a vulnerability in Accellion's file-transfer appliance. Sensitive case documents, including those related to major corporate litigation, ended up on the Clop ransomware gang'

Carl B. Johnson Jan 01, 2022 7 min read
Cybersecurity for Nonprofits

Cybersecurity for Nonprofits: A Practical Defense Guide

The Blackbaud Breach Should Have Been a Wake-Up Call In May 2020, a ransomware attack hit Blackbaud — one of the largest cloud computing providers serving nonprofits, hospitals, and universities. The breach exposed donor records, financial data, and Social Security numbers belonging to millions of people across hundreds of organizations. Blackbaud

Carl B. Johnson Jan 01, 2022 7 min read
Securing Cloud Applications

Securing Cloud Applications: A Practical 2021 Guide

The Misconfiguration That Exposed 3.8 Billion Records In June 2021, researchers discovered an unsecured Elasticsearch instance containing 3.8 billion records — names, emails, phone numbers, and social media profiles compiled from scraped and breached data. It sat wide open on the internet. No password. No access controls. Just a

Carl B. Johnson Dec 23, 2021 7 min read
Shadow IT Risks

Shadow IT Risks: The Threats Hiding in Your Network

Your Employees Are Building a Second Network — And You Can't See It In March 2021, a vulnerability in Microsoft Exchange Server sent security teams scrambling. But here's what didn't make the headlines: many organizations discovered Exchange instances they didn't even know existed.

Carl B. Johnson Dec 23, 2021 8 min read
Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now Target #1

Your Employees' Phones Are the Weakest Link Right Now In September 2021, Lookout reported that mobile phishing attacks had surged 161% since 2020. That's not a typo. The device your employees carry everywhere — the one they check 96 times a day — has become the primary attack surface

Carl B. Johnson Dec 18, 2021 7 min read
Shoulder Surfing Attack

Shoulder Surfing Attack: The Low-Tech Threat You Ignore

A $10 Pair of Binoculars Can Beat Your $10 Million Security Budget In 2018, a researcher at a security conference demonstrated how he captured over 100 passwords simply by watching people type at airport gates and coffee shops over a two-week period. No malware. No phishing emails. No zero-day exploits.

Carl B. Johnson Dec 18, 2021 7 min read
CEO Fraud Email Scam

CEO Fraud Email Scam: How to Stop It Cold

In March 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes every CEO fraud email scam — generated $1.8 billion in reported losses in 2020 alone. That made it the single most financially damaging cybercrime category in the entire IC3 report,

Carl B. Johnson Oct 01, 2021 7 min read