Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Shadow IT Risks

Shadow IT Risks: The Threats Hiding in Your Network

Your Employees Are Building a Second Network — And You Can't See It In March 2021, a vulnerability in Microsoft Exchange Server sent security teams scrambling. But here's what didn't make the headlines: many organizations discovered Exchange instances they didn't even know existed.

Carl B. Johnson Dec 23, 2021 8 min read
Cyber Hygiene

What Is Cyber Hygiene? The Basics That Stop 85% of Attacks

In March 2021, a single compromised password led to the Colonial Pipeline ransomware attack that shut down fuel delivery across the U.S. East Coast. The account didn't even have multi-factor authentication enabled. That's not a sophisticated nation-state exploit — that's a basic cyber hygiene

Carl B. Johnson Nov 28, 2021 7 min read
Cyber Hygiene Checklist

Cyber Hygiene Checklist: 12 Steps That Actually Work

When Colonial Pipeline paid $4.4 million in ransom in May 2021, investigators traced the initial compromise back to a single compromised VPN credential — one that didn't have multi-factor authentication enabled. That's not a sophisticated nation-state exploit. That's a basic hygiene failure. And it

Carl B. Johnson Nov 28, 2021 6 min read
Cybersecurity for Executives

Cybersecurity for Executives: What Boards Get Wrong

When Colonial Pipeline's CEO Joseph Blount testified before the Senate in June 2021, he admitted the company paid $4.4 million in ransom after a single compromised password shut down the largest fuel pipeline in the United States. No multi-factor authentication. No segmentation between IT and operational technology.

Carl B. Johnson Nov 28, 2021 6 min read
Dark Web Monitoring

Dark Web Monitoring for Businesses: A Practical Guide

In April 2021, a collection of 533 million Facebook user records surfaced on a dark web forum — names, phone numbers, email addresses, all posted for anyone to grab. Three months before that, a compilation of 3.2 billion email and password pairs called COMB (Compilation of Many Breaches) appeared on

Carl B. Johnson Sep 23, 2021 7 min read
Multi-Factor Authentication

Authenticator App vs SMS Verification: Which Is Safer?

In February 2021, T-Mobile disclosed a data breach that exposed customer phone numbers and SIM information. That same month, the FBI's Internet Crime Complaint Center continued logging a surge in SIM swap complaints — a threat that directly undermines SMS-based two-factor authentication. If your organization still relies on text

Carl B. Johnson Sep 16, 2021 7 min read
Cybersecurity Glossary

Cybersecurity Glossary for Beginners: 40 Terms to Know

During the 2020 SolarWinds breach investigation, I watched a boardroom full of executives stare blankly when an incident responder mentioned "lateral movement" and "supply chain compromise." They had no idea what was happening to their own network — not because they were negligent, but because nobody had

Carl B. Johnson Sep 16, 2021 8 min read
Cybersecurity Terms Explained

Cybersecurity Terms Explained: A No-Nonsense Guide

In May 2021, Colonial Pipeline paid a $4.4 million ransom after a single compromised password shut down fuel delivery across the U.S. East Coast. The post-incident reporting was filled with jargon — ransomware, threat actor, credential theft, attack vector — that left most non-technical readers glazing over. Here's

Carl B. Johnson Sep 16, 2021 7 min read
Adware vs Spyware

Adware vs Spyware: What Security Pros Know You Don't

In March 2021, Avast researchers disclosed that at least 28 browser extensions — used by roughly three million people — were quietly harvesting browsing data and redirecting users to phishing and ad-laden sites. Some of those extensions looked like simple ad-blocking tools. Others posed as social media helpers. Under the hood, they

Carl B. Johnson Sep 16, 2021 7 min read