Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Data Breach Notification Requirements

Data Breach Notification Requirements: A 2025 Guide

In May 2023, T-Mobile agreed to a $350 million settlement after a data breach exposed the personal information of roughly 76 million people. A significant chunk of that cost wasn't the breach itself — it was the fallout from notification failures, regulatory scrutiny, and class-action lawsuits that followed. If

Carl B. Johnson Jun 15, 2025 8 min read
Password Security Best Practices

Password Security Best Practices That Actually Work

The Breach That Started With a Single Reused Password In January 2024, a credential stuffing attack hit genetic testing giant 23andMe, ultimately exposing the personal data of approximately 6.9 million users. The root cause wasn't some exotic zero-day exploit. It was customers reusing passwords they'd

Carl B. Johnson Jun 15, 2025 7 min read
Strong Passwords

How to Create a Strong Password That Actually Stops Hackers

The 23-Character Password That Still Got Cracked In 2024, a security researcher at Hive Systems demonstrated that a 12-character password using only lowercase letters could be brute-forced in about three weeks with modern GPU hardware. Bump that up to a complex 12-character mix of upper, lower, numbers, and symbols? Still

Carl B. Johnson Jun 15, 2025 7 min read
Multi-Factor Authentication

Multi-Factor Authentication Setup: A Practical Guide

The Breach That Started With a Single Stolen Password In January 2024, a threat actor used stolen credentials to access a Snowflake customer environment — no malware, no exploit, just a username and password harvested months earlier. The fallout hit Ticketmaster and AT&T, exposing hundreds of millions of records.

Carl B. Johnson Jun 15, 2025 8 min read
Password Manager

Why Use a Password Manager: The Case Is Settled

The Breach That Started With "CompanyName2024!" In January 2025, a mid-size healthcare provider in the Midwest discovered that an attacker had been living inside their network for eleven weeks. The initial access point? A reused password. An employee had used the same credential for their company email and

Carl B. Johnson Jun 15, 2025 7 min read
Strong Password Examples

Strong Password Examples That Actually Stop Hackers

The 23 Billion Reasons Your Password Probably Isn't Good Enough In January 2024, researchers discovered a file called "RockYou2024" floating around dark web forums. It contained roughly 9.9 billion unique plaintext passwords — the largest credential dump in history at the time. By early 2025, threat

Carl B. Johnson Jun 14, 2025 7 min read
Incident Response

Cyber Incident Response Steps: A Practical 2025 Guide

The Breach That Took 277 Days to Find IBM's 2024 Cost of a Data Breach Report found the global average cost of a breach hit $4.88 million — and organizations that took longer than 200 days to identify and contain a breach paid significantly more. The average lifecycle?

Carl B. Johnson Jun 14, 2025 8 min read
Cybersecurity Incident Examples

Cybersecurity Incident Examples That Changed Everything

The Breach That Cost Change Healthcare $22 Million in Ransom In February 2024, the ransomware group ALPHV/BlackCat crippled Change Healthcare — a company that processes roughly one-third of all U.S. healthcare claims. The attack disrupted pharmacies, hospitals, and billing systems nationwide for weeks. UnitedHealth Group, Change Healthcare's

Carl B. Johnson Jun 14, 2025 7 min read
Cyber Incident Reporting

How to Report a Cyber Incident: A Step-by-Step Guide

The Breach That Nobody Reported for 72 Days In 2023, the SEC charged SolarWinds' CISO with fraud partly because the company allegedly downplayed the severity of a cyber incident and failed to disclose material risks. That case sent shockwaves through every boardroom in America. It proved something I'

Carl B. Johnson Jun 14, 2025 7 min read