Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Password Manager

Why Use a Password Manager: A Security Pro's Take

In January 2022, the Red Cross disclosed a cyberattack that compromised personal data of over 515,000 vulnerable people. The attack exploited unpatched vulnerabilities — but the investigation also revealed compromised credentials as a contributing factor. It's a pattern I see constantly. And every time it happens, I get

Carl B. Johnson Feb 15, 2022 7 min read
Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

The 61% Problem Nobody Talks About The 2021 Verizon Data Breach Investigations Report found that 61% of all breaches involved credentials. Not sophisticated zero-day exploits. Not nation-state malware. Passwords. Stolen, reused, guessed, and phished passwords remain the single largest attack vector threat actors exploit today. I've spent years

Carl B. Johnson Feb 15, 2022 6 min read
Incident Response Plan Template

Incident Response Plan Template: Build Yours in 2022

When Colonial Pipeline got hit with ransomware in May 2021, they paid $4.4 million within hours. Their CEO later told a Senate committee the company had an incident response plan — but executing it under pressure exposed gaps nobody anticipated. If a company running critical U.S. infrastructure can stumble,

Carl B. Johnson Feb 10, 2022 8 min read
Incident Response

How to Respond to a Cyberattack: A Step-by-Step Plan

In May 2021, Colonial Pipeline paid a $4.4 million ransom after a single compromised password shut down fuel distribution across the U.S. East Coast. The attack didn't just expose a vulnerability in critical infrastructure — it exposed a truth most organizations ignore: the speed and quality of

Carl B. Johnson Feb 10, 2022 7 min read
Zero Trust Security Model

Zero Trust Security Model: A Practical Guide for 2022

In May 2021, a single compromised password shut down the Colonial Pipeline and triggered fuel shortages across the U.S. East Coast. The attackers used a legacy VPN account with no multi-factor authentication — a textbook example of what happens when an organization trusts its perimeter instead of verifying every access

Carl B. Johnson Jan 15, 2022 7 min read
Zero Trust

What Is Zero Trust? A Practical Guide for 2022

In May 2021, a single compromised password shut down the Colonial Pipeline and triggered fuel shortages across the eastern United States. The attackers used a legacy VPN account that had no multi-factor authentication. One credential. No additional verification. That's all it took to paralyze critical infrastructure. If you&

Carl B. Johnson Jan 15, 2022 7 min read
Securing Remote Employees

Securing Remote Employees: A Practical Guide for 2022

In July 2021, a ransomware attack on Kaseya's VSA software cascaded through managed service providers and hit up to 1,500 businesses — many of them small companies with remote workers connecting through poorly secured endpoints. The REvil gang demanded $70 million. That single incident crystallized what I'

Carl B. Johnson Jan 15, 2022 8 min read
Acceptable Use Policy

Acceptable Use Policy Cybersecurity: Your First Defense

The Policy Nobody Reads Until It's Too Late In December 2020, a SolarWinds employee reportedly used the password "solarwinds123" on a critical server — a credential so weak it became a punchline at Congressional hearings. But here's the question nobody asked loudly enough: did SolarWinds

Carl B. Johnson Jan 06, 2022 8 min read