Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Zero Trust

What Is Zero Trust? A Practical Guide for 2025

The Breach That Made "Trust But Verify" Obsolete In January 2024, Microsoft disclosed that a Russian state-sponsored threat actor known as Midnight Blizzard had compromised executive email accounts — not by exploiting some exotic zero-day, but by password-spraying a legacy test tenant account that lacked multi-factor authentication. One overlooked

Carl B. Johnson Jun 12, 2025 8 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical 2025 Guide

The VPN That Let Attackers Walk Right In In January 2024, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed that Chinese state-sponsored threat actors had exploited Ivanti Connect Secure VPN vulnerabilities to breach multiple U.S. federal agencies. The attackers didn't kick down the door. They walked through

Carl B. Johnson May 25, 2025 7 min read
Cybersecurity for Law Firms

Cybersecurity for Law Firms: A Practical Defense Guide

Why Threat Actors Love Targeting Law Firms In February 2024, global law firm Allen & Overy confirmed a ransomware attack by the LockBit group that compromised internal data. That same year, the American Bar Association reported that 29% of law firms surveyed had experienced a security breach at some point.

Carl B. Johnson May 10, 2025 8 min read
Mobile Device Security Policy

Mobile Device Security Policy: What Yours Is Missing

A Single Stolen Phone Cost This Company $4.9 Million In 2023, a healthcare organization reported to the HHS that a single unencrypted mobile device — left in a rideshare — led to the exposure of over 100,000 patient records. The resulting HIPAA settlement, remediation costs, and reputational damage ran into

Carl B. Johnson Apr 22, 2025 7 min read
Cyber Hygiene

Cyber Hygiene Definition: What It Really Means in 2025

In February 2024, Change Healthcare — one of the largest health payment processors in the U.S. — got hit with a ransomware attack that disrupted claims processing for weeks and exposed data on roughly 100 million individuals. The root cause? Compromised credentials on a system that lacked multi-factor authentication. That'

Carl B. Johnson Mar 25, 2025 7 min read
Cyber Hygiene Checklist

Cyber Hygiene Checklist: 12 Steps That Actually Work

The Breach That Started With a Reused Password In January 2024, Microsoft disclosed that a Russian threat actor group known as Midnight Blizzard compromised executive email accounts — not through some exotic zero-day, but by password spraying a legacy test account that lacked multi-factor authentication. One overlooked account. No MFA. That&

Carl B. Johnson Mar 17, 2025 7 min read
Cybersecurity for Executives

Cybersecurity for Executives: What Boards Must Know

The CEO Who Clicked Reply In 2023, the SEC charged SolarWinds' CISO Timothy Brown for misleading investors about the company's cybersecurity practices. That action sent a shockwave through every C-suite in America. Suddenly, cybersecurity wasn't just an IT issue — it was a personal liability issue.

Carl B. Johnson Mar 17, 2025 7 min read
Vendor Risk Management

Vendor Risk Management Cybersecurity: A Practical Guide

The Breach That Didn't Start With You In February 2024, Change Healthcare — a subsidiary of UnitedHealth Group — suffered a ransomware attack that disrupted healthcare payment processing across the entire United States for weeks. The threat actor didn't breach UnitedHealth directly. They compromised a vendor system that

Carl B. Johnson Feb 28, 2025 8 min read
Dark Web Monitoring

Dark Web Monitoring for Businesses: A Practical Guide

In February 2024, a threat actor going by "USDoD" listed 2.9 billion records from National Public Data on a dark web forum — records that included Social Security numbers, full names, and addresses of nearly every American adult. The breach didn't make mainstream headlines until months

Carl B. Johnson Feb 28, 2025 8 min read