Tag

Phishing Prevention

Delivers actionable advice on recognizing and preventing phishing attacks, including email phishing, spear phishing, smishing, and vishing. Covers detection techniques, employee training approaches, email security tools, and real-world phishing examples to strengthen your defenses.

posts

Password Manager

Why Use a Password Manager: The Case Is Overwhelming

The Breach That Started With "Company123!" In 2024, the credential stuffing attack against Roku compromised over 576,000 accounts. The attackers didn't exploit some exotic zero-day vulnerability. They used passwords stolen from other breaches and tried them against Roku accounts — because people reuse passwords everywhere. That

Carl B. Johnson Apr 10, 2026 6 min read
FTC Cybersecurity Requirements

FTC Cybersecurity Requirements for Businesses in 2026

The FTC Just Fined Another Company Millions — Is Yours Next? I was just reading in 2023 the FTC finalized sweeping updates to its Safeguards Rule, and since then, enforcement has only accelerated. Companies like Chegg, CafePress, and Drizly didn't just face fines — their executives were personally named in

Carl B. Johnson Apr 06, 2026 6 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

A Single Email Cost This Company $100 Million In 2017, a Lithuanian man tricked Google and Facebook employees into wiring over $100 million to bank accounts he controlled. His weapon wasn't malware. It wasn't a zero-day exploit. It was email. He sent invoices that looked like

Carl B. Johnson Apr 05, 2026 5 min read
Password Manager Benefits

Password Manager Benefits That Stop 80% of Breaches

One Reused Password Cost This Company $4.6 Billion In 2017, a single set of reused credentials let threat actors walk into Equifax's systems and expose 147 million records. The total cost exceeded $4.6 billion when you factor in the FTC settlement, lawsuits, and remediation. One password.

Carl B. Johnson Mar 29, 2026 5 min read
NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2026

The Framework 83% of Organizations Claim to Follow — But Few Actually Implement When the City of Dallas was hit by a devastating ransomware attack in May 2023, investigations revealed systemic gaps in risk management, incident response, and access controls — the exact areas the NIST Cybersecurity Framework was designed to address.

Carl B. Johnson Mar 28, 2026 6 min read
Phish Setlist

Phish Setlist for Security: Building Your Attack Plan

One Band's Name Became Cybersecurity's Favorite Metaphor In 2024, the FBI's IC3 report documented over 298,000 phishing complaints — making it the most reported cybercrime category for the fifth consecutive year. And yet, most organizations still run phishing simulations like they're checking

Carl B. Johnson Jan 18, 2026 8 min read
Spoofing

Spoofing Attacks: How They Work and How to Stop Them

A CFO Wired $25 Million Because of a Spoofed Video Call In early 2024, a finance worker at a multinational firm in Hong Kong transferred $25.6 million after joining a video conference call where every other participant — including the company's CFO — was a deepfake. The threat actors

Carl B. Johnson Jan 17, 2026 7 min read
FakeEmail

FakeEmail Attacks: How Spoofed Messages Bypass Filters

In March 2025, a mid-size accounting firm in Ohio wired $1.2 million to a threat actor who sent a single spoofed email — a fakeemail that perfectly mimicked the CEO's display name, writing style, and even included a forwarded thread from a real conversation. The email passed every

Carl B. Johnson Dec 13, 2025 7 min read