Tag

Phishing Prevention

Delivers actionable advice on recognizing and preventing phishing attacks, including email phishing, spear phishing, smishing, and vishing. Covers detection techniques, employee training approaches, email security tools, and real-world phishing examples to strengthen your defenses.

posts

Password Manager Benefits

Password Manager Benefits That Stop 80% of Breaches

The Breach That Started With "Company123!" In September 2023, MGM Resorts lost an estimated $100 million after a threat actor used social engineering to compromise employee credentials. The attack didn't require some sophisticated zero-day exploit. It started with identity — with passwords and people. And it'

Carl B. Johnson Jan 22, 2024 7 min read
Multi-Factor Authentication

Multi-Factor Authentication Setup: A Practical Guide

In September 2023, MGM Resorts lost an estimated $100 million after a threat actor bypassed their security by socially engineering a helpdesk employee into resetting MFA credentials. Let that sink in. The company had multi-factor authentication. It still wasn't enough — because the multi-factor authentication setup and the processes

Carl B. Johnson Jan 20, 2024 7 min read
Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

The 23andMe Breach Started With Recycled Passwords In October 2023, genetic testing company 23andMe confirmed that attackers accessed roughly 6.9 million user profiles. The method wasn't some exotic zero-day exploit. It was credential stuffing — threat actors took username and password combinations leaked from other breaches and simply

Carl B. Johnson Jan 20, 2024 7 min read
Securing Remote Employees

Securing Remote Employees: A Practical 2023 Guide

In August 2023, a single remote employee at a casino and entertainment company fell for a social engineering call. That one mistake gave threat actors the keys to MGM Resorts' entire kingdom — an attack that cost the company over $100 million in damages according to their SEC filing. The

Carl B. Johnson Nov 26, 2023 7 min read
Acceptable Use Policy

Acceptable Use Policy Cybersecurity: Your First Defense

In 2022, a single employee at Uber received a flood of multi-factor authentication push notifications, got frustrated, and approved one. That decision gave a teenage threat actor access to Uber's internal systems, Slack, and cloud infrastructure. An acceptable use policy cybersecurity framework — one that specifically addressed MFA fatigue

Carl B. Johnson Nov 26, 2023 7 min read
NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2023

The Framework That Could Have Prevented a $150 Million Mistake When Equifax disclosed its catastrophic 2017 breach affecting 147 million Americans, the postmortem was brutal. The company had failed at the most basic elements of what the NIST Cybersecurity Framework prescribes: asset inventory, patch management, and network segmentation. The FTC

Carl B. Johnson Nov 09, 2023 7 min read
Cybersecurity for Nonprofits

Cybersecurity for Nonprofits: A Survival Guide for 2024

In July 2023, a ransomware attack crippled the nonprofit hospital chain CommonSpirit Health, ultimately affecting over 600,000 patients and costing the organization an estimated $160 million. That's not a Fortune 500 company. That's a mission-driven organization built to serve communities — brought to its knees because

Carl B. Johnson Nov 09, 2023 7 min read