Essential cybersecurity terms your business has to know

Essential cybersecurity terms your business has to know

Adapting to the wave of technology is already a challenging task for businesses of all sizes, and learning the lingo around it isn’t any easier. However, becoming familiar with the terms and adopting these can empower your business to take advantage of technology better. This gives you a competitive edge because you’ll have a company that’s ready for the future.

In this post, we'll focus on cybersecurity jargon. Here are some of the most important terms everyone in your business should be familiar with:

Advanced persistent threat (APT): This is a security breach that allows an attacker to gain control of a system for an extended period without the victim’s knowledge. This may come in the form of a zero-day exploit (see entry below) or a malware infection, which allows the hacker to retain their access privileges even after attack points have already been blocked.

Antivirus software: Antiviruses are a type of security software used to detect, quarantine, and remove malicious software on PCs, Macs, and mobile devices. This software, despite its name, also covers other forms of malware like worms, Trojan horses, ransomware, and spyware, among others.

Authentication: The process of proving the identity of a user. This can be accomplished by inputting a password, PIN, or pattern, or providing physical items like smart cards and flash drives. Authentication methods have recently evolved to include fingerprint, face, iris, or voice scans.

Backup: A backup is a copy of one or more files used as a substitute in case of data corruption, loss, or theft. This may be caused by natural and man-made disasters such as forest fires, earthquakes, malware attacks, and other similar incidents. Backups can be saved in physical drives or servers, or in third-party cloud servers where files are hosted on the internet for data redundancy (see definition below) and security.

Bring your own device (BYOD): This is a work policy that permits employees to bring their personal devices like laptops, smartphones, and tablets to the workplace and use them to get tasks done. More companies are starting to come up with their own BYOD policy as it provides better employee flexibility, which in turn leads to higher productivity and morale.

Cloud computing: This is a process of using a network of internet-based remote servers to store, manage, and process data. Cloud computing, in theory, is more secure than operating on local servers and hard drives due to the former’s data redundancy (see definition below) features.

Data breach: A data breach is the deliberate or unintentional exposure of sensitive company information to an unauthorised party caused by an organised crime or an insider attack. This may involve financial information such as credit and debit card details, protected health information (PHI), personally identifiable information (PII), and trade secrets.

Data redundancy: This is a condition within a data storage technology where the same piece of data is stored in two separate places. This can mean two locations in a single database, or two spots in multiple software environments.

Distributed denial-of-service (DDoS): DDos is an attack method where a hacker enlists thousands of different computers to target an internet-accessible system and flood it with connection requests. Once traffic becomes too much to handle, the system will crash and be rendered unusable.

Exploit kits: These are automated threats that utilise compromised websites to divert web traffic and run malware.

Firewall: A firewall is a network security device that monitors incoming and outgoing network traffic. It can also allow or block specific connection requests based on a defined set of security rules.

Hacker: This is a person who is knowledgeable in analysing computer systems, modifying their functions, and altering their capabilities. They can either be called ethical hackers (also known as white hat hackers) or malicious hackers (known as black hat hackers). Hackers can range from skilled programmers to those who have little IT experience.

Identity fraud: This is an act of identity theft wherein a criminal uses the stolen information of another individual to make transactions or agreements as that individual.

Information security: More commonly known as “infosec,” this is the practice of preventing unauthorised access, use, disclosure, modification, recording, or destruction of information, may it be electronic or physical.

Keylogger: A type of surveillance software that can record keystrokes made on a system. It can capture instant messages, email, usernames, passwords, and other personally identifiable information (PII) typed on a keyboard.

Download our free eBook!

Find out how hackers cause destruction on small and medium sized businesses and learn how to protect your business by reading our free eBook: A Business Owner's Guide to Cyber Security

Download now!

Malware: Short for malicious software, malware refers to any program written with the intent of causing harm, disclosing information, or violating the security of a computer system. It can take the form of worms, viruses, Trojan horses, remote access Trojans (RATs), rootkits, ransomware, and spyware.

Managed IT services provider (MSP): MSPs are IT organisations that deliver managed services such as IT processes for a client under a subscription model. They can, for example, deploy Office 365 subscriptions to every PC in the client’s office or offer mobile device management services (see definition below).

Mobile device management (MDM): Security software that enables IT administrators to control and monitor the number of mobile devices registered in the company network. MDM can be useful to prevent the leak of sensitive files and wipe gadgets clean of data if they get lost or stolen.

Multifactor authentication (MFA): MFA is an authentication method that, in addition to asking users for their usernames and passwords, makes them enter one-time smartphone codes or scanners verifying their face or fingerprint. Even if a hacker acquires a password, the attempt will still be futile if it fails to fulfill the succeeding security measures.

Network monitoring: This is a systematic scan to detect slow or failing network components like faulty servers, routers, and switches. MSPs typically provide this service to uncover problems and fix them before they inflict serious damage to the organisation.

Patch management: This refers to the process of researching, testing, approving, and installing updates and patches to computer systems. A patch may correct, improve, or expand existing software through the introduction of new code by the application developer. Patch management is essential to prevent downtime and minimise software vulnerabilities.

Phishing: This is the fraudulent practice of sending emails claiming to be from a legitimate entity (e.g., a bank or a co-worker) to steal personal and financial information. These messages typically contain links that imitate a legitimate company’s website to trick the user into handing over their information. Phishing can also be done via voice calls and short messaging service (SMS).

Pretexting: This type of cyberattack involves a scam where the liar pretends to need information to confirm the identity of the person they are talking to. After establishing trust, the “pretexter” will usually ask a series of questions designed to gather key information such as social security numbers, mother’s maiden name, or date of birth.

Ransomware: This type of malware encrypts files in a computer system and denies access to users unless a ransom is paid, usually in Bitcoins or MoneyPak cards. Ransomware is typically sent through email, but can also be found in exploit kits (see definition above) and malicious links.

Scareware: This type of malware is designed to trick victims into purchasing and downloading useless or potentially harmful software. Scareware can mimic Windows system messages to induce a sense of urgency and make it look like the information is coming from the operating system (OS) itself. These messages usually say that a large number of malware infections has been detected on the system, and the user should buy their software to remove the issues. However, doing so will do nothing other than provide money to the criminals.

Service level agreement (SLA): This defines certain requirements or standards that an MSP has agreed to meet. For instance, penalties can be incurred by an MSP if the service they provided is less stellar than the set standards. Alternatively, the service provider can be rewarded when they provide superior performance.

Social engineering: This attack vector involves any act that tricks a person or a group of users into divulging personal or confidential information that may be used for fraud. Phishing (see definition above) is one of the most popular ways to conduct social engineering, aside from pretexting and scareware (see definitions above).

Software-as-a-Service (SaaS): SaaS is a distribution model that makes computer programs available over the internet rather than being installed locally on machines. They are paid for as a monthly subscription rather than as a one-time purchase. Known SaaS programs include Office 365 and Google Apps.

Virus: This form of malware can self-replicate and cause the corruption and destruction of data. It is typically attached to legitimate programs or documents to execute its code.

Zero-day exploit: Zero-days are cyberattacks that target vulnerabilities that the software publishers themselves are not aware of when they released their software program. This makes it easy for a cybercriminal to exploit the vulnerability because of a lack of security updates from the software developer.

Worried about how cybersecurity concerns complicate operations? Let Office Tek be of service to you. Talk to our consultants to learn how we’ll protect your data from the latest threats 24/7/365.

Like This Article?

Sign up below and once a month we'll send you a roundup of our most popular posts

Don’t waste time, money, and effort trying to DIY an IT network for your business. Read our eBook to learn whyDownload now