Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Shadow IT

What Is Shadow IT? The Hidden Risk Draining Your Security

The Salesforce Instance Nobody Knew About In 2022, a mid-size healthcare company discovered that one of its marketing teams had been running an entirely separate Salesforce instance — for eleven months. Patient-adjacent data sat in an environment with no encryption at rest, no access controls, and no logging. The IT security

Carl B. Johnson Nov 03, 2023 7 min read
Tailgating Attack

Tailgating Attack Cybersecurity: Stop the Walk-In Threat

In 2019, a man wearing a reflective vest and carrying a clipboard walked into a secure data center in Atlanta, unplugged a server, tucked it under his arm, and walked right back out the front door. Nobody stopped him. Nobody questioned him. A $2.5 million client database left the

Carl B. Johnson Sep 18, 2023 7 min read
Cyber Hygiene

Cyber Hygiene Definition: What It Really Means in 2023

In March 2023, the FBI's Internet Crime Complaint Center reported that Americans lost over $10.3 billion to cybercrime in 2022 — a 49% jump from 2021. The vast majority of those losses traced back to failures in basic security practices. Not zero-day exploits. Not nation-state attacks. Basic, preventable

Carl B. Johnson Jun 08, 2023 7 min read
Cyber Hygiene Checklist

Cyber Hygiene Checklist: 12 Steps That Actually Work

In March 2023, the FBI's Internet Crime Complaint Center reported that Americans lost over $10.3 billion to cybercrime in 2022 — a 49% increase from the year before. The uncomfortable truth? Most of those losses trace back to failures in basic security practices, not sophisticated zero-day exploits. A

Carl B. Johnson Jun 08, 2023 7 min read
Vendor Risk Management

Vendor Risk Management Cybersecurity: A Practical Guide

The Breach That Didn't Start With You In January 2023, Mailchimp disclosed its second breach in under a year — this time through a social engineering attack on an employee. But the real damage radiated outward. Every company using Mailchimp as a vendor suddenly had a problem they didn&

Carl B. Johnson Jun 08, 2023 7 min read
Cybersecurity Glossary

Cybersecurity Glossary for Beginners: 40 Terms to Know

A hospital employee clicked a link in what looked like a routine password reset email. Within 72 hours, CommonSpirit Health — one of the largest U.S. health systems — was battling a ransomware attack that disrupted operations at over 140 facilities. The investigation report cited "lack of basic security awareness&

Carl B. Johnson Apr 23, 2023 7 min read
Adware vs Spyware

Adware vs Spyware: What's Actually Stealing Your Data

In February 2023, the FBI's Internet Crime Complaint Center reported that malware-related complaints had surged again, with losses running into the hundreds of millions. Buried in those numbers is a distinction most people get wrong: adware vs spyware. I've watched organizations treat adware as a minor

Carl B. Johnson Apr 10, 2023 6 min read