Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Clean Desk Policy

Clean Desk Policy Cybersecurity: Why It Still Matters

The Unlocked Filing Cabinet That Cost a Hospital $3 Million In 2019, the Office for Civil Rights fined Bayfront Health St. Petersburg $85,000 for a breach involving paper records left in an unsecured location. That was a small settlement. I've seen organizations lose far more when a

Carl B. Johnson Sep 01, 2019 7 min read
Cybersecurity Culture

Cybersecurity Culture in the Workplace: A Practical Guide

The Breach That Started With a Single Slack Message In September 2022, a threat actor sent a social engineering message to an Uber employee, pretending to be IT support. The employee handed over credentials. Within hours, the attacker had access to internal systems, the company's HackerOne vulnerability reports,

Carl B. Johnson Sep 01, 2019 7 min read
Cybersecurity Culture

Building a Cybersecurity Culture That Actually Works

The Breach That Started With a Single Slack Message In September 2022, a threat actor sent a push notification to an Uber contractor's phone — over and over, for more than an hour. The contractor eventually approved the multi-factor authentication request just to make it stop. That single moment

Carl B. Johnson Sep 01, 2019 6 min read
Security Awareness Training

How to Measure Security Awareness Training ROI

Your Training Program Might Be Failing — and You'd Never Know In 2024, IBM's Cost of a Data Breach Report pegged the global average breach cost at $4.88 million. Organizations with security awareness training and incident response planning cut that number dramatically. But here's

Carl B. Johnson Sep 01, 2019 8 min read
Cybersecurity Gamification Training

Cybersecurity Gamification Training That Actually Works

A 45-Minute Training Video Nobody Watched In 2023, a mid-size healthcare company I consulted for spent $60,000 on a compliance-focused security awareness program. It featured a 45-minute narrated slideshow, a 10-question quiz, and a certificate of completion. Their post-training phishing simulation results? A 31% click rate — virtually unchanged from

Carl B. Johnson Sep 01, 2019 7 min read
Cyber Hygiene Checklist

Cyber Hygiene Checklist: 12 Steps That Actually Work

In 2023, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a single phone call to a help desk. The attackers didn't exploit a zero-day vulnerability. They didn't write exotic malware. They called IT support, impersonated an employee, and got

Carl B. Johnson Aug 20, 2019 7 min read
Board-Level Cybersecurity Awareness

Board-Level Cybersecurity Awareness: A 2026 Guide

The SEC Changed Everything — Most Boards Still Haven't Caught Up In July 2023, the SEC adopted rules requiring public companies to disclose material cybersecurity incidents within four business days and to describe their board's oversight of cyber risk annually. Since then, I've reviewed dozens

Carl B. Johnson Aug 20, 2019 7 min read