Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Acceptable Use Policy

Acceptable Use Policy Cybersecurity: Your First Defense

The Policy Nobody Reads Until It's Too Late In 2023, a single employee at MGM Resorts called the help desk, and a threat actor used social engineering to gain access that led to a $100 million hit on operations. One phone call. No malware exploit. No zero-day vulnerability.

Carl B. Johnson Nov 08, 2020 6 min read
NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2026

The Framework 87% of Organizations Claim to Follow — But Most Get Wrong When the Change Healthcare breach exposed the records of over 100 million people in 2024, investigators found something familiar: the organization had a cybersecurity program on paper. What it lacked was disciplined execution against a proven structure. That

Carl B. Johnson Nov 04, 2020 7 min read
Shadow IT Risks

Shadow IT Risks: The Hidden Threat Draining Your Budget

Your Employees Already Built a Second IT Department A marketing manager signs up for an AI writing tool using her corporate email. A sales rep stores client contracts in a personal Dropbox. An engineering team spins up an AWS instance without telling anyone. None of these people are malicious. Every

Carl B. Johnson Oct 27, 2020 7 min read
Shadow IT

What Is Shadow IT? The Hidden Risk Draining Your Budget

The Breach That Started With a Spreadsheet App In 2023, a midsize healthcare company discovered that an employee had been syncing patient records to an unauthorized cloud storage service for over eight months. The service had no encryption, no access controls, and no audit logging. By the time the security

Carl B. Johnson Oct 27, 2020 7 min read
Cyber Hygiene

Cyber Hygiene Definition: What It Really Means in 2026

A Single Reused Password Cost One Company Everything In 2021, the Colonial Pipeline ransomware attack shut down fuel distribution across the U.S. East Coast. The entry point? A single compromised password on a legacy VPN account that lacked multi-factor authentication. That's not a sophisticated nation-state exploit. That&

Carl B. Johnson Sep 07, 2020 6 min read
Cyber Hygiene Checklist

Cyber Hygiene Checklist: 12 Steps That Actually Work

In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered an IT help desk with a ten-minute phone call. No zero-day exploit. No nation-state tooling. Just sloppy basics. That breach — and hundreds like it every year — could have been prevented with a disciplined

Carl B. Johnson Sep 07, 2020 7 min read
Board-Level Cybersecurity Awareness

Board-Level Cybersecurity Awareness: A Survival Guide

The SEC Just Made Ignorance Expensive In July 2023, the SEC finalized rules requiring public companies to disclose material cybersecurity incidents within four business days — and to describe their board's oversight of cyber risk annually. That single regulatory move turned board-level cybersecurity awareness from a nice-to-have into a

Carl B. Johnson Sep 07, 2020 6 min read
Cybersecurity Due Diligence

Cybersecurity Due Diligence: What Most Companies Miss

The $350 Million Wake-Up Call Nobody Expected When Verizon acquired Yahoo in 2017, a previously undisclosed breach affecting 3 billion accounts forced the deal price down by $350 million. That single failure of cybersecurity due diligence became the most expensive cautionary tale in M&A history — and it permanently

Carl B. Johnson Jun 25, 2020 7 min read