Tag

Phishing Prevention

Delivers actionable advice on recognizing and preventing phishing attacks, including email phishing, spear phishing, smishing, and vishing. Covers detection techniques, employee training approaches, email security tools, and real-world phishing examples to strengthen your defenses.

posts

Cyber Security

Cyber Security in 2026: What Actually Stops Breaches

A $9.5 Billion Problem That Keeps Getting Worse The FBI's Internet Crime Complaint Center (IC3) reported $12.5 billion in cybercrime losses in 2023 — a figure that's only climbed since. If you're searching for answers about cyber security, you're asking the

Carl B. Johnson May 05, 2026 5 min read
Third Party Risk Management

Third Party Vendor Cybersecurity Risk: A Practical Guide

The Breach That Didn't Start With You In 2023, the MOVEit Transfer vulnerability gave threat actors a master key to thousands of organizations — not through their own systems, but through a single third-party file transfer tool. Over 2,600 organizations and 77 million individuals were impacted, according to

Carl B. Johnson May 04, 2026 6 min read
Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

A Poster on the Breakroom Wall Never Stopped a Breach In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the help desk, impersonated an employee found on LinkedIn, and talked their way into the network. No zero-day exploit. No nation-state malware. Just a phone call.

Carl B. Johnson Apr 30, 2026 5 min read
What Is Cybersecurity

What Is Cybersecurity? A Practitioner's Real-World Guide

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered their way past the help desk with a ten-minute phone call. That single conversation gave attackers the keys to slot machines, hotel room systems, and customer data across an entire casino empire. If

Carl B. Johnson Apr 30, 2026 5 min read
Password Manager Benefits

Password Manager Benefits That Stop 80% of Breaches

The Breach That Started With "Company2024!" In January 2024, a mid-size healthcare company lost 2.3 million patient records. The root cause wasn't a sophisticated zero-day exploit. It wasn't a nation-state threat actor. It was an employee who reused the same password across their

Carl B. Johnson Apr 29, 2026 5 min read
Computer Security Security

Computer Security Security: Layers That Actually Work

The Redundancy in "Computer Security Security" Is the Whole Point When the Colonial Pipeline ransomware attack shut down fuel distribution across the U.S. Southeast in 2021, the root cause wasn't exotic. It was a single compromised VPN credential without multi-factor authentication. One layer failed, and

Carl B. Johnson Apr 28, 2026 5 min read
Phishing Prevention

How to Avoid Phishing Attacks: A 2026 Survival Guide

Last March, a finance director at a mid-size logistics company wired $2.1 million to a threat actor who had spoofed the CEO's email address. The message looked perfect — right tone, right signature, right sense of urgency. The only thing wrong was the reply-to domain, off by a

Carl B. Johnson Apr 20, 2026 5 min read
What Is Cybersecurity

What Is Cybersecurity? A Practitioner's Real-World Guide

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered a help desk employee with a ten-minute phone call. That single conversation gave attackers the keys to one of the largest hospitality companies on the planet. So when someone asks me what is

Carl B. Johnson Apr 15, 2026 5 min read
Mobile Device Security Policy

Mobile Device Security Policy: What Yours Is Missing

In 2023, Verizon's Data Breach Investigations Report found that 74% of all breaches involved the human element — and a growing percentage of those started on a mobile device. I've reviewed mobile device security policies for organizations of every size, and here's the uncomfortable truth:

Carl B. Johnson Apr 15, 2026 5 min read