Cyberberri: cybersecurity you’ll actually use

You’ve Been Locked Out. Good. (AC-7)

This is the last post for 2025. Happy Holidays! You forgot which version of your password you used. Third attempt fails. Fifth attempt fails. Now you’re locked out for 30 minutes. Annoying? Sure. But here’s what else just happened: the system just prevented anyone who doesn’t know your password from guessing it. Including the person in another country whose computer has been trying passwords on your Gmail account since 3 AM. Here’s what’s happening (AC-7) Someone got your email address from a data breach—maybe LinkedIn 2021, maybe Dropbox 2012. Now their computer is trying to log into your Gmail, your bank, your Netflix, your Instagram. The program tries: Password123, YourName2024, your birthday + 123, password variations from other breaches where they know you had an account. This is happening to thousands of email addresses at once. A computer can run through password lists extremely fast when nothing slows it down. AC-7—unsuccessful logon attempts—stops this. After 5 wrong attempts, your Gmail account locks for 30 minutes. What would take 10 minutes for the hacker now takes days. Most attackers move on to accounts without lockouts. Why the lockout works A computer can try thousands of passwords per minute when there’s no limit. But add a 30-minute lockout after 5 attempts, and suddenly trying 1,000 passwords takes 100 hours. The attacker has unlimited time but limited patience. Your Gmail account stops being worth the effort when there are millions of other accounts to try. Next time you see this You get an email: “Your account has been locked due to multiple failed login attempts.” You weren’t trying to log in. Change your password right now. Someone is actively trying to access your account. You get a notification: “Failed login attempt from unknown device.” Don’t dismiss it. Change your password. You lock yourself out because you can’t remember your password variation. Frustrating, yes. But it’s stopping anyone who doesn’t know the exact password. The bottom line AC-7 works automatically. You don’t configure it. But those emails and notifications aren’t spam—they’re warnings. When they show up, act on them. The system is protecting you. Pay attention when it tells you someone’s trying to get in. For more information: cyberberri.substack.com [https://cyberberri.substack.com] This podcast is also available on Apple [https://podcasts.apple.com/us/podcast/cyberberri-cybersecurity-youll-actually-use/id1845878797]Spotify [https://open.spotify.com/show/00Kqqn7lOmq7gwRNzg6fZ8?si=72f8b36bbb6740a8]YouTube [https://www.youtube.com/@theCyberberri] For Cyberberri, check out: YouTube [https://www.youtube.com/@theCyberberri] Coming soon: Instagram [http://instagram.com/thecyberberri] Audio generated from this text using NotebookLM. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit cyberberri.substack.com [https://cyberberri.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

The One Security Setting That Doesn’t Cost You Anything (AC-11)

We’ve wrapped up the Incident Response controls, and now we’re moving into Access Control—the part that focuses on preventing the wrong people from getting into your accounts and devices in the first place. Most security controls ask you to choose: convenience or protection. Longer passwords are more secure but harder to remember. Two-factor authentication adds friction. VPNs slow things down. Device lock doesn’t work like that. It costs you three seconds to unlock your device, dozens of times a day. What you get: protection against someone gaining physical access to your unlocked screen. What Device Lock Is (AC-11) Your device locks after a set period of inactivity. You need a password, PIN, or biometric to unlock it. That’s it. In NIST 800-53, this is AC-11—the first Access Control we’re covering in this series. Incident response (IR) was about what to do when things go wrong. Access control (AC) is about preventing unauthorized access in the first place. The Actual Concern This isn’t about sophisticated attacks. Device lock protects against opportunistic access—someone shoulder-surfing your screen at a coffee shop, a colleague glancing at your open laptop during a meeting, someone picking up your phone from a table. This happens when someone has physical proximity to your device and you’re not actively guarding it. The barrier doesn’t need to be sophisticated. It just needs to exist. What People Get Wrong The most common mistake isn’t refusing to use device lock—it’s using it inconsistently. Phone locked at 2 minutes, laptop set to 30 minutes or never. Locked at work, disabled at home. The inconsistency is the vulnerability. Set It Up Now Phone: Settings → Auto-Lock → 2-5 minutes Laptop: System Settings → Lock Screen → 5-10 minutes The exact number matters less than having it enabled everywhere. Why This Matters If you’re going to implement one control from this series, pick this one. Not because the threat is catastrophic, but because the effort-to-protection ratio is unmatched. Thirty seconds of setup, minimal friction, real protection against common access scenarios. For more information: cyberberri.substack.com [https://cyberberri.substack.com] This podcast is also available on Apple [https://podcasts.apple.com/us/podcast/cyberberri-cybersecurity-youll-actually-use/id1845878797]Spotify [https://open.spotify.com/show/00Kqqn7lOmq7gwRNzg6fZ8?si=72f8b36bbb6740a8]YouTube [https://www.youtube.com/@theCyberberri] For Cyberberri, check out: YouTube [https://www.youtube.com/@theCyberberri] Coming soon: Instagram [http://instagram.com/thecyberberri] Audio generated from the text using NotebookLM. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit cyberberri.substack.com [https://cyberberri.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

Your Complete Guide to Handling Digital Disasters (IR Controls)

Incident Response: The Complete Picture We’ve covered all eight incident response controls. Here’s how they fit together and what each one does. The Controls IR-4: Incident Handling - Your first steps when something goes wrong. Write down what to do for an email hack, lost phone, or suspicious charges so you’re not making it up at 2 AM. IR-5: Incident Monitoring - Turn on security alerts for your important accounts. You want to know when something weird happens, not find out weeks later. IR-8: Emergency Contact List - Everything in one document. Recovery info, who to call, what to do. When things go sideways, this is what you need. IR-6: Incident Reporting - Who to notify for different types of incidents. Some things you have to report. Better to know who ahead of time. IR-2: Training - Practice your response occasionally. It’s different when you’re actually stressed and something’s wrong. IR-3: Testing - Check that your setup works. Test your backup email, make sure device tracking is on. Find problems now instead of during an emergency. IR-7: Getting Help - Resources for when you need professional help. Fraud services, tech support, identity theft recovery programs. Look these up before you need them. IR-1: Your Overview - One page that points to everything else. Where your plans are, what you care about most, when you call for help. Catching Up Haven’t done all of these yet? Start here. First steps: * Turn on alerts for email and banking * Enable Find My Device on your phone * Write down the first three steps for email compromise * Save actual customer service numbers for your critical accounts Then work on: * Creating your incident response document * Building your “who to notify” list * Looking up help resources * Testing one piece of your setup After that: * Review everything every few months * Test different parts of your system regularly * Practice scenarios when you can * Update contacts and info as things change Why It Matters This isn’t about buying expensive tools or becoming a security expert. You’re using features already available and writing down what to do with them. When something goes wrong - and eventually something will - you’ll have a plan instead of having to figure it out while you’re panicking. What’s Next Coming up: Access Control. Who gets access to what in your digital life, and how to manage that. If this series has been useful, share it. Everyone needs this stuff before they actually need it. New here? Subscribe to get the next control family. For more information: cyberberri.substack.com [https://cyberberri.substack.com] This podcast is also available on Apple [https://podcasts.apple.com/us/podcast/cyberberri-cybersecurity-youll-actually-use/id1845878797]Spotify [https://open.spotify.com/show/00Kqqn7lOmq7gwRNzg6fZ8?si=72f8b36bbb6740a8]YouTube [https://www.youtube.com/@theCyberberri] Check out: YouTube [https://www.youtube.com/@theCyberberri] Coming soon: Instagram [http://instagram.com/thecyberberri] Audio generated from the text using NotebookLM. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit cyberberri.substack.com [https://cyberberri.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

The Fridge Note That Saves Your Digital Life: Your 60-Second Crisis Map (IR-1)

You’ve built the detailed incident response plan. You’ve documented everything. Recovery codes, contact lists, procedures—it’s all there in perfectly organized folders. But at 2 AM, when your main email is compromised and your brain has turned to soup, where exactly is all that perfect planning? This episode reveals why your most important security document isn’t the detailed IR-8 plan—it’s the one-page IR-1 overview you can grab when you’re panicking. Think of it as the emergency card in your wallet versus your entire medical history. You’ll discover why human memory fails under stress, how to outsource panic thinking to your calm past self, and the three simple categories that transform chaos into clarity in under a minute. You’ll learn: * Why documentation alone isn’t enough (accessibility matters) * How to predetermine your triage priorities before crisis hits * The mental circuit breaker that stops fire-flight overreactions * Where to store your IR-1 so you’ll actually find it under duress From email compromises to ransomware attacks, this foundational framework ensures you can execute your security plan precisely when clear thinking has flown out the window. This is IR-1, the first and most critical control in the Incident Response series—your index, mission statement, and psychological defense mechanism all in one page. Duration: ~10 minutes Subscribe for the complete incident response series (IR-1 through IR-8). Full transcript and show notes: cyberberri.substack.com [https://cyberberri.substack.com] This podcast is also available on Apple [https://podcasts.apple.com/us/podcast/cyberberri-cybersecurity-youll-actually-use/id1845878797]Spotify [https://open.spotify.com/show/00Kqqn7lOmq7gwRNzg6fZ8?si=72f8b36bbb6740a8]YouTube [https://www.youtube.com/@theCyberberri] Check out: YouTube [https://www.youtube.com/@theCyberberri] Coming soon: Instagram [http://instagram.com/thecyberberri] Audio generated from this week’s written post [https://cyberberri.substack.com/p/ir1] using NotebookLM. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit cyberberri.substack.com [https://cyberberri.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

When Google Can't Save You: Why $150 Beats 3 Days of DIY Panic (IR-7)

Picture this: It’s Tuesday morning. You boot up your computer and everything—your files, photos, tax documents—has a weird extension you can’t open. A ransom note demands $500 in Bitcoin. Your first instinct? Google it. But here’s what that Googling actually costs you. This episode exposes the hidden psychology behind our resistance to calling for help with tech problems. You’ll hear the tale of two paths: three days of DIY stress that might make things worse versus a $150 afternoon fix that actually solves the problem. We break down the real cost of pride, the danger of delay, and why having your emergency contacts lined up now is the ultimate security shortcut. You’ll learn: * Why we resist calling for tech help (but call plumbers instantly) * The exact resources to identify before 2 AM crisis hits * How to distinguish between fraud alerts and fraud recovery * The 10-minute prep that turns disaster into manageable incident Whether you’re facing ransomware or just want to be ready when something breaks, this is your roadmap to knowing when DIY ends and expert help begins. This continues the Incident Response series, showing how IR-7 (external resources) transforms your ability to respond effectively when your own knowledge runs out. Duration: ~10 minutes Subscribe for the complete incident response series (IR-1 through IR-8). Full transcript and show notes: cyberberri.substack.com [https://cyberberri.substack.com] This podcast is also available on Apple [https://podcasts.apple.com/us/podcast/cyberberri-cybersecurity-youll-actually-use/id1845878797]Spotify [https://open.spotify.com/show/00Kqqn7lOmq7gwRNzg6fZ8?si=72f8b36bbb6740a8]YouTube [https://www.youtube.com/@theCyberberri] Check out: YouTube [https://www.youtube.com/@theCyberberri] Coming soon: Instagram [http://instagram.com/thecyberberri] Audio generated from this week’s written post [https://cyberberri.substack.com/p/ir7] using NotebookLM. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit cyberberri.substack.com [https://cyberberri.substack.com?utm_medium=podcast&utm_campaign=CTA_1]