Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Computer Virus Prevention

Computer Virus Prevention: 9 Steps That Actually Work

In 2023, the FBI's Internet Crime Complaint Center (IC3) received over 880,000 complaints with potential losses exceeding $12.5 billion — a 22% increase from the year before. A massive chunk of those losses traced back to malware infections that could have been stopped with basic hygiene. If

Carl B. Johnson Apr 13, 2026 4 min read
Smishing

FBI Warning on Smishing Texts: What You Must Do Now

76,000 Victims and Counting — The FBI's Smishing Alert Is Serious In early 2024, the FBI and FTC issued urgent warnings about a massive smishing campaign impersonating toll collection agencies and delivery services across all 50 states. By late 2025, the IC3 had cataloged tens of thousands of

Carl B. Johnson Apr 13, 2026 5 min read
Fake Mail

Fake Mail: How to Spot It Before It Costs You

In 2023, the FBI's Internet Crime Complaint Center (IC3) reported that phishing — including fake mail delivered via email, text, and voice — was the most reported cybercrime category for the fifth consecutive year, with over 298,000 complaints. And that only accounts for what gets reported. In my experience,

Carl B. Johnson Apr 12, 2026 5 min read
Third Party Risk

Third Party Vendor Cybersecurity Risk: A 2026 Guide

When Target lost 40 million credit card records in 2013, the attackers didn't breach Target directly. They compromised an HVAC vendor. Over a decade later, the playbook hasn't changed — it's just gotten more devastating. Third party vendor cybersecurity risk is now the single fastest-growing

Carl B. Johnson Apr 07, 2026 6 min read
FTC Cybersecurity Requirements

FTC Cybersecurity Requirements for Businesses in 2026

The FTC Just Fined Another Company Millions — Is Yours Next? I was just reading in 2023 the FTC finalized sweeping updates to its Safeguards Rule, and since then, enforcement has only accelerated. Companies like Chegg, CafePress, and Drizly didn't just face fines — their executives were personally named in

Carl B. Johnson Apr 06, 2026 6 min read
Social Engineering Examples

Social Engineering Examples: 7 Real Attacks That Worked

In September 2022, a teenager allegedly convinced an Uber employee to hand over access credentials through a simple text message. No zero-day exploit. No sophisticated malware. Just a convincing story and a target who didn't verify the request. That single social engineering attack gave the threat actor access

Carl B. Johnson Apr 06, 2026 5 min read
Phishing

What Is Phishing? A Security Pro's Real-World Guide

A Single Email Cost This Company $100 Million In 2017, a Lithuanian man tricked Google and Facebook employees into wiring over $100 million to bank accounts he controlled. His weapon wasn't malware. It wasn't a zero-day exploit. It was email. He sent invoices that looked like

Carl B. Johnson Apr 05, 2026 5 min read
Social Engineering Examples

Social Engineering Examples That Fool Even Experts

The Phone Call That Cost MGM Resorts $100 Million In September 2023, a threat actor called MGM Resorts' IT help desk, impersonated an employee they found on LinkedIn, and convinced the technician to reset credentials. That single phone call triggered a ransomware attack that disrupted operations across Las Vegas

Carl B. Johnson Apr 04, 2026 5 min read