Cyberberri: cybersecurity you’ll actually use
Author: Linda Martin - Cybersecurity Simplified
© Linda Martin
Description
Government security standards minus the boring parts. Each week, I take NIST 800-53 controls and translate them for real people and small businesses. Think: what to do when your email gets hacked at 3 AM, not 'enterprise-grade solutions' that cost a fortune.
Real scenarios, practical steps.
cyberberri.substack.com
11 Episodes
This is the last post for 2025. Happy Holidays!

You forgot which version of your password you used. Third attempt fails. Fifth attempt fails. Now you’re locked out for 30 minutes.

Annoying? Sure. But here’s what else just happened: the system just prevented anyone who doesn’t know your password from guessing it. Including the person in another country whose computer has been trying passwords on your Gmail account since 3 AM.

Here’s what’s happening (AC-7)

Someone got your email address from a data breach—maybe LinkedIn 2021, maybe Dropbox 2012. Now their computer is trying to log into your Gmail, your bank, your Netflix, your Instagram. The program tries: Password123, YourName2024, your birthday + 123, password variations from other breaches where they know you had an account.

This is happening to thousands of email addresses at once. A computer can run through password lists extremely fast when nothing slows it down.

AC-7—unsuccessful logon attempts—stops this. After 5 wrong attempts, your Gmail account locks for 30 minutes. What would take 10 minutes for the hacker now takes days. Most attackers move on to accounts without lockouts.

Why the lockout works

A computer can try thousands of passwords per minute when there’s no limit. But add a 30-minute lockout after 5 attempts, and suddenly trying 1,000 passwords takes 100 hours. The attacker has unlimited time but limited patience. Your Gmail account stops being worth the effort when there are millions of other accounts to try.

Next time you see this

You get an email: “Your account has been locked due to multiple failed login attempts.” You weren’t trying to log in. Change your password right now. Someone is actively trying to access your account.

You get a notification: “Failed login attempt from unknown device.” Don’t dismiss it. Change your password.

You lock yourself out because you can’t remember your password variation. Frustrating, yes. But it’s stopping anyone who doesn’t know the exact password.

The bottom line

AC-7 works automatically. You don’t configure it. But those emails and notifications aren’t spam—they’re warnings. When they show up, act on them.

The system is protecting you. Pay attention when it tells you someone’s trying to get in.

For more information: cyberberri.substack.com
This podcast is also available on Apple, Spotify, YouTube
For Cyberberri, check out: YouTube
Coming soon: Instagram
Audio generated from this text using NotebookLM.
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit cyberberri.substack.com
We’ve wrapped up the Incident Response controls, and now we’re moving into Access Control—the part that focuses on preventing the wrong people from getting into your accounts and devices in the first place.

Most security controls ask you to choose: convenience or protection. Longer passwords are more secure but harder to remember. Two-factor authentication adds friction. VPNs slow things down.

Device lock doesn’t work like that. It costs you three seconds to unlock your device, dozens of times a day. What you get: protection against someone gaining physical access to your unlocked screen.

What Device Lock Is (AC-11)

Your device locks after a set period of inactivity. You need a password, PIN, or biometric to unlock it. That’s it.

In NIST 800-53, this is AC-11—the first Access Control we’re covering in this series. Incident response (IR) was about what to do when things go wrong. Access control (AC) is about preventing unauthorized access in the first place.

The Actual Concern

This isn’t about sophisticated attacks. Device lock protects against opportunistic access—someone shoulder-surfing your screen at a coffee shop, a colleague glancing at your open laptop during a meeting, someone picking up your phone from a table.

This happens when someone has physical proximity to your device and you’re not actively guarding it. The barrier doesn’t need to be sophisticated. It just needs to exist.

What People Get Wrong

The most common mistake isn’t refusing to use device lock—it’s using it inconsistently. Phone locked at 2 minutes, laptop set to 30 minutes or never. Locked at work, disabled at home. The inconsistency is the vulnerability.

Set It Up Now

Phone: Settings → Auto-Lock → 2-5 minutes
Laptop: System Settings → Lock Screen → 5-10 minutes

The exact number matters less than having it enabled everywhere.

Why This Matters

If you’re going to implement one control from this series, pick this one. Not because the threat is catastrophic, but because the effort-to-protection ratio is unmatched. Thirty seconds of setup, minimal friction, real protection against common access scenarios.

Audio generated from the text using NotebookLM.
Incident Response: The Complete Picture

We’ve covered all eight incident response controls. Here’s how they fit together and what each one does.

The Controls

* IR-4: Incident Handling - Your first steps when something goes wrong. Write down what to do for an email hack, lost phone, or suspicious charges so you’re not making it up at 2 AM.
* IR-5: Incident Monitoring - Turn on security alerts for your important accounts. You want to know when something weird happens, not find out weeks later.
* IR-8: Emergency Contact List - Everything in one document. Recovery info, who to call, what to do. When things go sideways, this is what you need.
* IR-6: Incident Reporting - Who to notify for different types of incidents. Some things you have to report. Better to know who ahead of time.
* IR-2: Training - Practice your response occasionally. It’s different when you’re actually stressed and something’s wrong.
* IR-3: Testing - Check that your setup works. Test your backup email, make sure device tracking is on. Find problems now instead of during an emergency.
* IR-7: Getting Help - Resources for when you need professional help. Fraud services, tech support, identity theft recovery programs. Look these up before you need them.
* IR-1: Your Overview - One page that points to everything else. Where your plans are, what you care about most, when you call for help.

Catching Up

Haven’t done all of these yet? Start here.

First steps:
* Turn on alerts for email and banking
* Enable Find My Device on your phone
* Write down the first three steps for email compromise
* Save actual customer service numbers for your critical accounts

Then work on:
* Creating your incident response document
* Building your “who to notify” list
* Looking up help resources
* Testing one piece of your setup

After that:
* Review everything every few months
* Test different parts of your system regularly
* Practice scenarios when you can
* Update contacts and info as things change

Why It Matters

This isn’t about buying expensive tools or becoming a security expert. You’re using features already available and writing down what to do with them.

When something goes wrong - and eventually something will - you’ll have a plan instead of having to figure it out while you’re panicking.

What’s Next

Coming up: Access Control. Who gets access to what in your digital life, and how to manage that.

If this series has been useful, share it. Everyone needs this stuff before they actually need it.

New here? Subscribe to get the next control family.

Audio generated from the text using NotebookLM.
You’ve built the detailed incident response plan. You’ve documented everything. Recovery codes, contact lists, procedures—it’s all there in perfectly organized folders.

But at 2 AM, when your main email is compromised and your brain has turned to soup, where exactly is all that perfect planning?

This episode reveals why your most important security document isn’t the detailed IR-8 plan—it’s the one-page IR-1 overview you can grab when you’re panicking. Think of it as the emergency card in your wallet versus your entire medical history. You’ll discover why human memory fails under stress, how to outsource panic thinking to your calm past self, and the three simple categories that transform chaos into clarity in under a minute.

You’ll learn:
* Why documentation alone isn’t enough (accessibility matters)
* How to predetermine your triage priorities before crisis hits
* The mental circuit breaker that stops fight-or-flight overreactions
* Where to store your IR-1 so you’ll actually find it under duress

From email compromises to ransomware attacks, this foundational framework ensures you can execute your security plan precisely when clear thinking has flown out the window.

This is IR-1, the first and most critical control in the Incident Response series—your index, mission statement, and psychological defense mechanism all in one page.

Duration: ~10 minutes
Subscribe for the complete incident response series (IR-1 through IR-8).
Full transcript and show notes: cyberberri.substack.com
Audio generated from this week’s written post using NotebookLM.
Picture this: It’s Tuesday morning. You boot up your computer and everything—your files, photos, tax documents—has a weird extension you can’t open. A ransom note demands $500 in Bitcoin.

Your first instinct? Google it. But here’s what that Googling actually costs you.

This episode exposes the hidden psychology behind our resistance to calling for help with tech problems. You’ll hear the tale of two paths: three days of DIY stress that might make things worse versus a $150 afternoon fix that actually solves the problem. We break down the real cost of pride, the danger of delay, and why having your emergency contacts lined up now is the ultimate security shortcut.

You’ll learn:
* Why we resist calling for tech help (but call plumbers instantly)
* The exact resources to identify before 2 AM crisis hits
* How to distinguish between fraud alerts and fraud recovery
* The 10-minute prep that turns disaster into manageable incident

Whether you’re facing ransomware or just want to be ready when something breaks, this is your roadmap to knowing when DIY ends and expert help begins.

This continues the Incident Response series, showing how IR-7 (external resources) transforms your ability to respond effectively when your own knowledge runs out.

Duration: ~10 minutes
Subscribe for the complete incident response series (IR-1 through IR-8).
Full transcript and show notes: cyberberri.substack.com
Audio generated from this week’s written post using NotebookLM.
That backup email you set up two years ago? It might be completely useless when you need it most.

This episode reveals why 90% of security plans fail at the worst possible moment—not because they’re badly designed, but because nobody ever tested them. Hear the story of the consulting firm that lost everything because their “backups” were just shortcuts, and the recovery email trap that locks you out permanently.

You’ll discover why 15 minutes of testing today beats 3 weeks of panic recovery tomorrow, plus get three simple tests you can run right now to verify your safety nets actually work.

From personal accounts to small business systems, this is the uncomfortable reality check that transforms theoretical preparedness into actual resilience.

Duration: ~8 minutes
Subscribe for the complete incident response series (IR-1 through IR-8).
Full transcript and show notes: cyberberri.substack.com
Audio generated from this week’s written post using NotebookLM.
Ever noticed how your perfect incident response plan turns into complete gibberish the moment a real alert hits? This episode reveals the critical gap between having a plan and being ready to execute it under pressure. We cover incident response training (IR-2), the neuroscience of panic, real-world scenarios of phishing attacks and account lockouts, and practical drills for individuals and small businesses. Learn cybersecurity preparedness tips you can implement today—no formal training required.

Subscribe for the complete incident response series (IR-1 through IR-8).
Full transcript and show notes: cyberberri.substack.com
Audio generated from this week’s written post using NotebookLM.
Ever wonder how a $50 late fee or a six-figure fine could stem from the same mistake? Missing notification deadlines.

This episode breaks down IR-6 (Incident Reporting) - the regulatory trap that springs after you think the crisis is over.

We cover:
* Why your credit card's zero liability protection can vanish in 48 hours
* The stolen laptop scenario that leads to regulatory nightmares
* How notification requirements vary wildly state by state
* The specific steps to protect yourself and your business before disaster strikes

The bottom line: You can run a perfect incident response and still get burned if you miss a reporting deadline.

Subscribe for the complete incident response series (IR-1 through IR-8).
Full transcript and show notes: cyberberri.substack.com
What’s your first move when your email gets hacked at 3 AM? If you’re scrambling, guessing, or frantically Googling, you’re already losing.

In this deep dive, we break down the dramatic difference between improvising during a crisis and simply following your incident response plan. You’ll hear real scenarios—the weekend website hack, the locked-out nightmare—and see exactly how a simple written checklist turns potential catastrophe into a managed incident.

You’ll learn:
* Why 20 minutes of prep today beats 3 days of panic tomorrow
* What actually goes in your IR plan (for businesses AND individuals)
* How to store critical recovery info securely
* The “tale of two crises” that shows why this matters

Whether you run a boutique law firm or just want to protect your personal accounts, this is your roadmap for when things go wrong. Because they will go wrong—for everyone, eventually.

This is Part 3 of the Incident Response series. Building on IR-4 (what to do when things break) and IR-5 (how to spot problems early), IR-8 gives you the written game plan that ties it all together.

Subscribe for the complete incident response series (IR-1 through IR-8).
Full transcript and show notes: cyberberri.substack.com
How long would it take you to notice if someone was poking around your most critical digital accounts right now? Days? Weeks? In this deep dive into IR-5 (Incident Monitoring), we explore the stark difference between flying blind and having a digital early warning system that could save you thousands of dollars and countless headaches. From the dreaded 2 AM login from Romania to mysterious $347 charges appearing on your credit card, discover why detection must come before response—and get a 15-minute action plan to set up your own digital smoke detector today.

Audio generated from this week’s written post using NotebookLM.
Topics Covered:
* IR-4 incident handling and response planning
* Digital fire drills for cybersecurity
* Email compromise and phone theft scenarios
* Simple vs. complex incident response plans

Key Takeaways:
* Security incidents are inevitable - preparation is key
* Simple written plans beat no plans every time
* Change email passwords FIRST in device theft (it's the master key)
* Enable Find My Device on all phones immediately

Action Items:
* Business owners: Write 3 basic steps for email compromise response
* Everyone: Check that Find My Device is enabled on your phone














