Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Password Manager Benefits

Password Manager Benefits That Stop 80% of Breaches

One Reused Password Cost This Company $10 Million In 2024, the Snowflake customer breach wave compromised over 165 organizations — including Ticketmaster and AT&T — because attackers used stolen credentials harvested from infostealer malware. The common thread? Employees reusing passwords across personal and corporate accounts with no password manager in

Carl B. Johnson Jul 10, 2026 5 min read
Data Breach Response Plan

Data Breach Response Plan: Build One Before You Need It

The Breach That Exposed 147 Million People — And a Broken Response When Equifax disclosed its 2017 breach, the technical failure got the headlines. But the real catastrophe was the response. Weeks of delay, a phishing-prone notification website, and executives who dumped stock before the public announcement. The company eventually paid

Carl B. Johnson Jul 09, 2026 5 min read
Ransomware Prevention

How to Prevent Ransomware: A Practical Defense Guide

A Single Click Cost One Hospital System $67 Million In 2024, Change Healthcare — one of the largest health payment processors in the U.S. — was hit by the ALPHV/BlackCat ransomware group. The attack disrupted claims processing for thousands of providers nationwide. UnitedHealth Group, its parent company, reported costs exceeding

Carl B. Johnson Jul 07, 2026 5 min read
Cybersecurity Due Diligence

Cybersecurity Due Diligence: What Most Companies Skip

The $350 Million Checkbox That Wasn't Checked When Verizon acquired Yahoo in 2017, two massive data breaches — affecting all three billion Yahoo accounts — knocked $350 million off the purchase price. The breaches had happened years earlier, but inadequate cybersecurity due diligence meant the full scope wasn't

Carl B. Johnson Jul 07, 2026 6 min read
Cybersecurity Policy for Employees

Cybersecurity Policy for Employees: A Practical Guide

In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They exploited a gap in employee policy — specifically, the identity verification process for password resets. A strong cybersecurity

Carl B. Johnson Jul 05, 2026 5 min read