Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Cybersecurity Best Practices

Cybersecurity Best Practices for Employees in 2025

In January 2025, a finance employee at a multinational firm joined a video call with what appeared to be their CFO and several colleagues. Every face on the screen was a deepfake. The employee transferred $25 million before anyone realized what happened. That incident — reported by CNN and confirmed by

Carl B. Johnson Aug 17, 2025 7 min read
Ransomware

How Ransomware Spreads: 7 Attack Vectors in 2025

In February 2024, Change Healthcare — the payment processor handling roughly one-third of all U.S. medical claims — was hit by the ALPHV/BlackCat ransomware group. The result: $872 million in direct costs reported by UnitedHealth Group, months of disrupted pharmacy operations, and the personal health data of over 100 million

Carl B. Johnson Jul 15, 2025 7 min read
Data Breach Reporting

How to Report a Data Breach: A Step-by-Step Guide

In February 2024, Change Healthcare suffered a ransomware attack that exposed the protected health information of approximately 190 million people — making it the largest healthcare data breach in U.S. history. The fallout wasn't just the breach itself. It was the weeks of confusion about who had been

Carl B. Johnson Jul 15, 2025 8 min read
Multi-Factor Authentication

MFA vs Two-Factor Authentication: What Really Matters

In March 2024, a threat actor bypassed a major healthcare provider's two-factor authentication by intercepting SMS codes through a SIM-swapping attack — compromising over 2 million patient records. The organization thought they were protected. They had "MFA" checked off on their compliance audit. But they'd

Carl B. Johnson Jun 15, 2025 7 min read
Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

The Breach That Started With "Spring2024!" In early 2024, a midsize healthcare company in the Midwest lost 2.3 million patient records. The root cause wasn't a sophisticated zero-day exploit. It wasn't a nation-state threat actor. It was an employee who reused the same

Carl B. Johnson Jun 15, 2025 6 min read
Incident Response Plan Template

Incident Response Plan Template: Build Yours in 2025

The Breach That Didn't Have to Be a Disaster In early 2024, Change Healthcare suffered a ransomware attack that disrupted pharmacy operations and claims processing across the entire U.S. healthcare system for weeks. UnitedHealth Group eventually disclosed that the breach affected roughly 100 million individuals — the largest

Carl B. Johnson Jun 14, 2025 7 min read
Incident Response

How to Respond to a Cyberattack: A Step-by-Step Guide

In May 2023, the City of Dallas got hit with Royal ransomware. Police dispatch systems went down. Court services froze. Municipal operations ground to a halt for weeks. The city ultimately spent over $8.5 million on recovery. And here's the part that stings: Dallas had cybersecurity staff

Carl B. Johnson Jun 14, 2025 7 min read