Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

BYOD Security Risks

BYOD Security Risks: What Your Policy Is Missing

A Single Employee's Phone Just Cost This Company Everything In August 2021, T-Mobile confirmed a massive data breach affecting over 50 million people. While the full attack chain was complex, the reality is that personal devices connecting to corporate environments create attack surfaces that most IT teams drastically

Carl B. Johnson Dec 22, 2021 7 min read
Mobile Phishing Attacks

Mobile Phishing Attacks: Why Your Phone Is Now Target #1

Your Employees' Phones Are the Weakest Link Right Now In September 2021, Lookout reported that mobile phishing attacks had surged 161% since 2020. That's not a typo. The device your employees carry everywhere — the one they check 96 times a day — has become the primary attack surface

Carl B. Johnson Dec 18, 2021 7 min read
Tailgating Attack

Tailgating Attack Cybersecurity: The Threat at Your Door

In September 2019, a Chinese national named Yujing Zhang walked past security at Mar-a-Lago carrying a thumb drive loaded with malware. She told the front desk she was there to use the pool. That's tailgating — and it nearly compromised one of the most secured private facilities in the

Carl B. Johnson Dec 18, 2021 7 min read
Shoulder Surfing Attack

Shoulder Surfing Attack: The Low-Tech Threat You Ignore

A $10 Pair of Binoculars Can Beat Your $10 Million Security Budget In 2018, a researcher at a security conference demonstrated how he captured over 100 passwords simply by watching people type at airport gates and coffee shops over a two-week period. No malware. No phishing emails. No zero-day exploits.

Carl B. Johnson Dec 18, 2021 7 min read
Cybersecurity Culture

Cybersecurity Culture in the Workplace: A Practical Guide

The Breach That Started with a Single Employee In May 2021, a single compromised password shut down Colonial Pipeline and triggered fuel shortages across the Eastern United States. The credential was tied to a legacy VPN account that lacked multi-factor authentication. One employee. One password. $4.4 million in ransom

Carl B. Johnson Dec 18, 2021 7 min read
Security Awareness Metrics

Security Awareness Metrics That Actually Prove ROI

In 2020, a mid-sized healthcare provider invested $250,000 in a security awareness program. Twelve months later, the CISO couldn't answer one question from the board: "Is it working?" No baseline measurements. No tracking. No defensible data. That CISO is now updating a résumé. I'

Carl B. Johnson Nov 28, 2021 7 min read
Security Awareness Training

How to Measure Security Awareness Training ROI

In March 2021, a single employee at a water treatment plant in Oldsmar, Florida clicked through a remote access session that could have poisoned a city's water supply. The attacker gained entry through a shared TeamViewer password — no phishing email required. The incident raised a question that boardrooms

Carl B. Johnson Nov 28, 2021 7 min read