Tag

Small Business Cybersecurity

Provides cybersecurity guidance tailored to small businesses that face resource constraints but remain high-value targets for attackers. Topics include affordable security tools, employee training, endpoint protection, and prioritizing defenses that deliver the greatest risk reduction on limited budgets.

posts

Cybersecurity Training ROI

Cybersecurity Training ROI: The Numbers That Matter

A $4.88 Million Problem With a Training-Shaped Solution IBM's 2024 Cost of a Data Breach Report pegged the global average breach cost at $4.88 million — the highest figure ever recorded. Meanwhile, the average investment in security awareness training per employee sits somewhere between $15 and $50

Carl B. Johnson Mar 25, 2025 7 min read
Cyber Hygiene

Cyber Hygiene Definition: What It Really Means in 2025

In February 2024, Change Healthcare — one of the largest health payment processors in the U.S. — got hit with a ransomware attack that disrupted claims processing for weeks and exposed data on roughly 100 million individuals. The root cause? Compromised credentials on a system that lacked multi-factor authentication. That'

Carl B. Johnson Mar 25, 2025 7 min read
Cybersecurity Tips

Cybersecurity Tips That Actually Stop Breaches in 2024

In February 2024, Change Healthcare — one of the largest health payment processors in the United States — was brought to its knees by a ransomware attack. Patient data for potentially tens of millions of Americans was exposed. The initial access vector? Stolen credentials on a system that lacked multi-factor authentication. One

Carl B. Johnson Jul 10, 2024 7 min read
Computer Security Service

Computer Security Service: What Actually Works in 2024

The Breach That a $200K Security Stack Couldn't Stop In January 2024, a mid-sized accounting firm in the Midwest had firewalls, endpoint detection, SIEM logging, and a managed SOC. They spent over $200,000 a year on their computer security service stack. Then an employee clicked a phishing

Carl B. Johnson May 13, 2024 7 min read
Cybersecurity Awareness Training

Cybersecurity Awareness Training: Why "Free" Costs More

In January 2024, Microsoft disclosed that the Russian threat actor group Midnight Blizzard had breached corporate email accounts — not through some exotic zero-day exploit, but through a password spray attack on a legacy test account that lacked multi-factor authentication. One of the most well-resourced technology companies on the planet got

Carl B. Johnson Feb 28, 2024 7 min read
Ransomware Protection Tips

Ransomware Protection Tips That Actually Work in 2024

MGM Resorts lost an estimated $100 million from a single ransomware attack in September 2023. The entry point? A social engineering call to the help desk that lasted about ten minutes. That's all it took for the Scattered Spider threat actor group to cripple slot machines, hotel check-in

Carl B. Johnson Feb 09, 2024 7 min read
Data Breach Prevention

Data Breach Prevention: 9 Steps That Actually Work

In January 2024, Microsoft disclosed that a Russian state-sponsored threat actor known as Midnight Blizzard had breached executive email accounts — not through some exotic zero-day exploit, but through a simple password spray attack on a legacy test account that lacked multi-factor authentication. If Microsoft can get caught flat-footed, your organization

Carl B. Johnson Feb 09, 2024 6 min read
Incident Response Plan Template

Incident Response Plan Template: Build Yours Today

In September 2023, MGM Resorts watched helplessly as a social engineering attack — reportedly initiated through a phone call to their help desk — cascaded into a full-blown operational shutdown. Slot machines went dark. Hotel room keys stopped working. The estimated cost exceeded $100 million. MGM had cybersecurity tools. What they lacked

Carl B. Johnson Dec 11, 2023 7 min read