Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Acceptable Use Policy

Acceptable Use Policy Cybersecurity: Your First Defense

In 2023, a single employee at MGM Resorts used a corporate credential to respond to a social engineering call. The threat actor impersonated IT, gained access, and triggered a ransomware attack that cost the company over $100 million. The kicker? A well-enforced acceptable use policy — one that clearly defined how

Carl B. Johnson Apr 20, 2026 5 min read
Data Breach Reporting

How to Report a Data Breach: A Step-by-Step Guide

The Clock Starts Ticking the Second You Discover a Breach In March 2024, Change Healthcare suffered a ransomware attack that exposed the protected health information of over 100 million individuals. The fallout wasn't just technical — it was a cascading failure in communication, notification, and reporting that took months

Carl B. Johnson Apr 19, 2026 6 min read
Fake Mail

Fake Mail: How to Spot It Before It Costs You

In 2023, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after receiving what appeared to be a legitimate video call and email chain from the company's CFO. It was all fake — the video was a deepfake, and the emails were

Carl B. Johnson Apr 17, 2026 5 min read
Shadow IT Risks

Shadow IT Risks: The Invisible Threat Draining Your Budget

A Marketing Team's Slack Alternative Nearly Took Down an Entire Hospital Network In 2023, a regional healthcare system discovered that its marketing department had been using an unapproved messaging platform for over 14 months. Nobody in IT knew. The platform stored patient-adjacent data with no encryption, no access

Carl B. Johnson Apr 16, 2026 5 min read
Cybersecurity Training

How to Train Employees on Cybersecurity in 2026

The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered an IT help desk employee with a phone call that lasted about ten minutes. The attacker didn't exploit a zero-day vulnerability. They didn&

Carl B. Johnson Apr 11, 2026 5 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training: Why It Works in 2026

In 2024, MGM Resorts lost an estimated $100 million after a social engineering attack that started with a single phone call to a help desk employee. The threat actor impersonated an employee, convinced IT staff to reset credentials, and within hours had access to critical systems. One conversation. No malware.

Carl B. Johnson Apr 03, 2026 5 min read
Cyber Hygiene

What Is Cyber Hygiene? The Daily Habits That Stop Breaches

A Single Unpatched Laptop Cost One Hospital $3 Million In 2023, the U.S. Department of Health and Human Services settled with a healthcare provider after a ransomware attack that started on one employee's unpatched workstation. The machine hadn't been updated in over 90 days. That

Carl B. Johnson Apr 02, 2026 5 min read
Cybersecurity Terms Explained

Cybersecurity Terms Explained: A Practical Guide

Last year, a hospital administrator told me she ignored an alert about a credential stuffing attack because she didn't know what that phrase meant. Three days later, her organization was dealing with a ransomware incident that shut down patient scheduling for two weeks. The jargon gap in cybersecurity

Carl B. Johnson Mar 31, 2026 5 min read