Tag

Phishing Prevention

Delivers actionable advice on recognizing and preventing phishing attacks, including email phishing, spear phishing, smishing, and vishing. Covers detection techniques, employee training approaches, email security tools, and real-world phishing examples to strengthen your defenses.

posts

Cybersecurity Culture

Cybersecurity Culture in the Workplace: A Practical Guide

The Breach That Started with a Single Employee In May 2021, a single compromised password shut down Colonial Pipeline and triggered fuel shortages across the Eastern United States. The credential was tied to a legacy VPN account that lacked multi-factor authentication. One employee. One password. $4.4 million in ransom

Carl B. Johnson Dec 18, 2021 7 min read
Cyber Hygiene

What Is Cyber Hygiene? The Basics That Stop 85% of Attacks

In March 2021, a single compromised password led to the Colonial Pipeline ransomware attack that shut down fuel delivery across the U.S. East Coast. The account didn't even have multi-factor authentication enabled. That's not a sophisticated nation-state exploit — that's a basic cyber hygiene

Carl B. Johnson Nov 28, 2021 7 min read
Cyber Hygiene Checklist

Cyber Hygiene Checklist: 12 Steps That Actually Work

When Colonial Pipeline paid $4.4 million in ransom in May 2021, investigators traced the initial compromise back to a single compromised VPN credential — one that didn't have multi-factor authentication enabled. That's not a sophisticated nation-state exploit. That's a basic hygiene failure. And it

Carl B. Johnson Nov 28, 2021 6 min read
Cybersecurity Due Diligence

Cybersecurity Due Diligence: What Most Companies Skip

When Marriott acquired Starwood Hotels in 2016, the deal looked solid on paper. Two years later, Marriott disclosed that hackers had been inside Starwood's reservation system since 2014 — exposing the personal data of up to 500 million guests. The breach predated the acquisition. The liability didn't.

Carl B. Johnson Sep 23, 2021 7 min read
Dark Web Monitoring

Dark Web Monitoring for Businesses: A Practical Guide

In April 2021, a collection of 533 million Facebook user records surfaced on a dark web forum — names, phone numbers, email addresses, all posted for anyone to grab. Three months before that, a compilation of 3.2 billion email and password pairs called COMB (Compilation of Many Breaches) appeared on

Carl B. Johnson Sep 23, 2021 7 min read
Multi-Factor Authentication

Authenticator App vs SMS Verification: Which Is Safer?

In February 2021, T-Mobile disclosed a data breach that exposed customer phone numbers and SIM information. That same month, the FBI's Internet Crime Complaint Center continued logging a surge in SIM swap complaints — a threat that directly undermines SMS-based two-factor authentication. If your organization still relies on text

Carl B. Johnson Sep 16, 2021 7 min read
Keylogger Attack

Keylogger Attack: How Hackers Steal Every Keystroke

In March 2021, security researchers discovered that the Agent Tesla keylogger had become one of the most prevalent malware families in the wild, appearing in phishing campaigns targeting organizations across every sector. This wasn't some exotic zero-day. It was a commodity keylogger attack tool that anyone could buy

Carl B. Johnson Sep 03, 2021 7 min read