Tag

Zero Trust

Understand the Zero Trust security model, which operates on the principle of never trust, always verify. Posts cover Zero Trust architecture, identity verification, micro-segmentation, least-privilege access, and practical steps for implementing Zero Trust frameworks across enterprise environments.

posts

Password Hygiene Tips

Password Hygiene Tips That Actually Stop Breaches

The 80% Problem Nobody Wants to Talk About The 2024 Verizon Data Breach Investigations Report found that stolen credentials were involved in roughly 31% of all breaches over the past decade — and that human-element breaches, including credential theft and phishing, accounted for nearly 68% of incidents in their latest dataset.

Carl B. Johnson Nov 02, 2019 6 min read
Work From Home Cybersecurity

Work From Home Cybersecurity: A Real-World Guide

In early 2024, a finance employee at a multinational firm in Hong Kong joined a video call with what appeared to be the company's CFO and several colleagues. Every person on the call was a deepfake. The employee transferred $25.6 million to threat actors before anyone realized

Carl B. Johnson Sep 28, 2019 7 min read
Securing Remote Employees

Securing Remote Employees: A Practical Guide for 2026

In 2023, a single remote employee at a major casino operator received a phone call from someone claiming to be IT support. That social engineering attack — a vishing call lasting roughly ten minutes — gave threat actors the foothold they needed to deploy ransomware across MGM Resorts' entire network, causing

Carl B. Johnson Sep 28, 2019 8 min read
VPN Best Practices

VPN Best Practices: What Actually Protects You in 2026

The Ivanti Breach Changed How I Think About VPNs In early 2024, CISA issued an emergency directive after threat actors exploited vulnerabilities in Ivanti Connect Secure VPN appliances to infiltrate multiple federal agencies. The attackers didn't brute-force passwords. They didn't trick users with phishing emails. They

Carl B. Johnson Sep 28, 2019 7 min read
Acceptable Use Policy

Acceptable Use Policy Cybersecurity: Why Yours Fails

The Policy Gathering Dust in Your Shared Drive In 2023, the city of Dallas was hit by a Royal ransomware attack that crippled municipal services for weeks. Investigators traced the initial access back to a service account and poor access controls — exactly the kind of risk a well-enforced acceptable use

Carl B. Johnson Sep 20, 2019 7 min read
Cybersecurity for Law Firms

Cybersecurity for Law Firms: A Practical Defense Guide

Why Threat Actors Treat Law Firms Like ATMs In 2023, the international law firm Bryan Cave Leighton Paisner disclosed a breach that exposed the personal data of over 51,000 individuals — including clients of major corporations like Mondelēz. That same year, an Am Law 100 firm paid a multimillion-dollar ransom

Carl B. Johnson Sep 10, 2019 7 min read
Cloud Security Best Practices

Cloud Security Best Practices That Stop Real Breaches

A Single Misconfigured S3 Bucket Exposed 3 Billion Records In 2023, researchers at Cybernews discovered what they called one of the largest data exposures ever — over 3 billion records sitting in an open cloud storage instance. No sophisticated hack. No zero-day exploit. Just a misconfigured Amazon S3 bucket with public

Carl B. Johnson Sep 10, 2019 8 min read
Cloud Storage Security Risks

Cloud Storage Security Risks Your Team Is Ignoring

A Single Misconfigured Bucket Cost Them Everything In 2023, Toyota disclosed that a cloud misconfiguration had exposed the vehicle location data of 2.15 million customers for over a decade. The root cause wasn't a sophisticated threat actor. It was a single storage bucket set to public instead

Carl B. Johnson Sep 10, 2019 7 min read
Securing Cloud Applications

Securing Cloud Applications: A Practical Guide for 2026

The Misconfiguration That Exposed 100 Million Records In 2019, a former Amazon Web Services employee exploited a misconfigured web application firewall to breach Capital One's cloud infrastructure. The result: over 100 million customer records exposed, a $190 million class-action settlement, and an $80 million fine from the OCC.

Carl B. Johnson Sep 10, 2019 7 min read