Tag

Small Business Cybersecurity

Provides cybersecurity guidance tailored to small businesses that face resource constraints but remain high-value targets for attackers. Topics include affordable security tools, employee training, endpoint protection, and prioritizing defenses that deliver the greatest risk reduction on limited budgets.

posts

Computer Security Companies

Computer Security Companies: What They Won't Tell You

The Blind Spot That Computer Security Companies Sell Around In March 2022, Okta — one of the most prominent identity management vendors in the world — confirmed that the Lapsus$ threat actor group had compromised a third-party support engineer's laptop and accessed internal systems. An identity security company, breached through

Carl B. Johnson Jul 30, 2022 7 min read
Computer Security Service

Computer Security Service: What Actually Works in 2022

The Colonial Pipeline Fallout Changed Everything About How We Buy Security One year ago, a single compromised password shut down the largest fuel pipeline in the United States. Colonial Pipeline paid $4.4 million in ransom. Gas stations across the Southeast ran dry. And the FBI later confirmed that the

Carl B. Johnson Jun 20, 2022 7 min read
Data Breach Prevention

Data Breach Prevention: 9 Steps That Actually Work

The Breach That Started With a Single Stolen Password In May 2021, a single compromised password shut down fuel distribution across the Eastern United States. The Colonial Pipeline ransomware attack disrupted gas supplies for days and cost the company a $4.4 million ransom payment. The root cause? A legacy

Carl B. Johnson Mar 18, 2022 6 min read
Incident Response Plan Template

Incident Response Plan Template: Build Yours in 2022

When Colonial Pipeline got hit with ransomware in May 2021, they paid $4.4 million within hours. Their CEO later told a Senate committee the company had an incident response plan — but executing it under pressure exposed gaps nobody anticipated. If a company running critical U.S. infrastructure can stumble,

Carl B. Johnson Feb 10, 2022 8 min read
NIST Cybersecurity Framework

NIST Cybersecurity Framework: A Practical Guide for 2022

When Colonial Pipeline shut down 5,500 miles of fuel infrastructure in May 2021 due to a single compromised password, it wasn't a failure of technology. It was a failure of framework. The company lacked the layered defenses, detection capabilities, and response plans that the NIST Cybersecurity Framework

Carl B. Johnson Jan 01, 2022 7 min read
Cyber Hygiene

What Is Cyber Hygiene? The Basics That Stop 85% of Attacks

In March 2021, a single compromised password led to the Colonial Pipeline ransomware attack that shut down fuel delivery across the U.S. East Coast. The account didn't even have multi-factor authentication enabled. That's not a sophisticated nation-state exploit — that's a basic cyber hygiene

Carl B. Johnson Nov 28, 2021 7 min read
Cyber Hygiene Checklist

Cyber Hygiene Checklist: 12 Steps That Actually Work

When Colonial Pipeline paid $4.4 million in ransom in May 2021, investigators traced the initial compromise back to a single compromised VPN credential — one that didn't have multi-factor authentication enabled. That's not a sophisticated nation-state exploit. That's a basic hygiene failure. And it

Carl B. Johnson Nov 28, 2021 6 min read
Computer Virus Prevention

Computer Virus Prevention: 9 Steps That Actually Work

In May 2021, a single compromised password shut down Colonial Pipeline — the largest fuel pipeline in the United States. Gasoline shortages spread across the Southeast. The company paid a $4.4 million ransom in Bitcoin. The root cause wasn't some exotic zero-day exploit. It was a legacy VPN

Carl B. Johnson Jul 01, 2021 7 min read