Tag

Phishing Prevention

Delivers actionable advice on recognizing and preventing phishing attacks, including email phishing, spear phishing, smishing, and vishing. Covers detection techniques, employee training approaches, email security tools, and real-world phishing examples to strengthen your defenses.

posts

Password Manager

Why Use a Password Manager: A Security Pro's Take

In January 2022, the Red Cross disclosed a cyberattack that compromised personal data of over 515,000 vulnerable people. The attack exploited unpatched vulnerabilities — but the investigation also revealed compromised credentials as a contributing factor. It's a pattern I see constantly. And every time it happens, I get

Carl B. Johnson Feb 15, 2022 7 min read
Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

The 61% Problem Nobody Talks About The 2021 Verizon Data Breach Investigations Report found that 61% of all breaches involved credentials. Not sophisticated zero-day exploits. Not nation-state malware. Passwords. Stolen, reused, guessed, and phished passwords remain the single largest attack vector threat actors exploit today. I've spent years

Carl B. Johnson Feb 15, 2022 6 min read
Insider Threats

How to Prevent Insider Threats: A Practical Guide

In December 2020, a former Cisco employee pleaded guilty to accessing the company's cloud infrastructure and deleting 456 virtual machines, wiping out 16,000 Webex Teams accounts. He'd left the company months earlier. His credentials still worked. That single insider incident cost Cisco roughly $2.4

Carl B. Johnson Jan 15, 2022 6 min read
Remote Work Cybersecurity Tips

Remote Work Cybersecurity Tips That Actually Work

In July 2021, a remote employee at a Florida IT management firm clicked a link that looked like a routine software update. Within hours, the REvil ransomware gang had compromised Kaseya's VSA platform and cascaded the attack to an estimated 1,500 downstream businesses. The initial foothold? A

Carl B. Johnson Jan 15, 2022 6 min read
Remote Desktop Security Risks

Remote Desktop Security Risks: What Attackers See

An Open Door You Didn't Know You Left Unlocked In August 2021, the FBI and CISA issued a joint advisory warning that threat actors exploiting Remote Desktop Protocol (RDP) was the single most common initial access vector in ransomware attacks. Not phishing emails. Not zero-day exploits. RDP. The

Carl B. Johnson Jan 06, 2022 7 min read
Acceptable Use Policy

Acceptable Use Policy Cybersecurity: Your First Defense

The Policy Nobody Reads Until It's Too Late In December 2020, a SolarWinds employee reportedly used the password "solarwinds123" on a critical server — a credential so weak it became a punchline at Congressional hearings. But here's the question nobody asked loudly enough: did SolarWinds

Carl B. Johnson Jan 06, 2022 8 min read
Mobile Device Security Policy

Mobile Device Security Policy: A Practical Guide

In April 2021, the FBI's IC3 reported a sharp rise in mobile-focused phishing attacks — schemes specifically designed to exploit the smaller screens and always-on nature of smartphones. I've watched organizations pour millions into securing their perimeters while ignoring the devices employees actually use the most. The

Carl B. Johnson Dec 22, 2021 7 min read
BYOD Security Risks

BYOD Security Risks: What Your Policy Is Missing

A Single Employee's Phone Just Cost This Company Everything In August 2021, T-Mobile confirmed a massive data breach affecting over 50 million people. While the full attack chain was complex, the reality is that personal devices connecting to corporate environments create attack surfaces that most IT teams drastically

Carl B. Johnson Dec 22, 2021 7 min read