Tag

Security Awareness Training

Discover resources and strategies for building effective security awareness training programs. Posts cover curriculum design, engagement techniques, compliance requirements, and methods for measuring training impact to reduce human-related security incidents across organizations.

posts

Phishing Links

What Is a Phishing Link? How to Spot One Fast

In March 2024, a single phishing link in a spoofed Microsoft 365 email gave attackers access to the email accounts of several U.S. State Department employees. The link looked like a routine password-reset page. It wasn't. That one click led to weeks of unauthorized access before anyone

Carl B. Johnson May 23, 2026 5 min read
Cyber Incident Reporting

How to Report a Cyber Incident: A Step-by-Step Guide

In 2023, the FBI's Internet Crime Complaint Center received over 880,000 complaints with potential losses exceeding $12.5 billion — a 22% increase in losses from the year before. Yet the FBI estimates a massive number of cyber incidents still go unreported. That gap between what happens and

Carl B. Johnson May 23, 2026 5 min read
Security Awareness Metrics

Security Awareness Metrics That Actually Prove ROI

Your Board Doesn't Care About Completion Rates I sat in a meeting last year where a CISO proudly reported a 97% training completion rate. The board nodded politely. Two months later, a single phishing email led to a credential theft incident that cost the organization $2.3 million

Carl B. Johnson May 22, 2026 5 min read
Spear Phishing

What Is Spear Phishing? The Targeted Attack Behind Major Breaches

A Single Email Cost This Company $100 Million In 2015, Ubiquiti Networks disclosed that attackers used carefully crafted emails impersonating company executives to trick finance employees into wiring $46.7 million to overseas accounts. The attackers didn't exploit a software vulnerability. They exploited trust. That's spear

Carl B. Johnson May 21, 2026 5 min read
Strong Password Examples

Strong Password Examples That Actually Stop Hackers

In 2023, a single reused password gave threat actors access to 23andMe's credential stuffing attack, ultimately exposing the genetic data of 6.9 million users. The attackers didn't exploit a zero-day vulnerability. They didn't deploy sophisticated malware. They simply tried known username-password combinations from

Carl B. Johnson May 20, 2026 5 min read
Computer Security Advice

Computer Security Advice That Actually Works in 2026

The Breach That Started With a Single Password In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attackers didn't exploit some exotic zero-day vulnerability. They used basic social engineering — information scraped from LinkedIn

Carl B. Johnson May 19, 2026 5 min read
Mobile Device Security Policy

Mobile Device Security Policy: What Most Orgs Get Wrong

A Single Phone Took Down an Entire Pipeline In 2021, a compromised password — likely harvested from a mobile device or reused across platforms — gave threat actors access to Colonial Pipeline's VPN. The result: fuel shortages across the Eastern United States, a $4.4 million ransom payment, and a

Carl B. Johnson May 18, 2026 6 min read