The world of cybersecurity is filled with terms and tactics that may be hard to keep up with—or to even understand in the first place. Unfortunately, business owners and their employees can’t afford blind spots when it comes to keeping their network safe. This article will provide a comprehensive guide on cybersecurity terms everyone needs to know, as well as how these scams work and how to avoid them.
Key Cybersecurity Terms You Need to Know
The world of cybersecurity is vast and terminology comes to the fore frequently. That said, there are several core terms that remain relevant even as tactics change. This section will include the A-Z terms constituting the bulk of the article.
Two-factor authentication—known as 2FA for short—is a security measure that adds a layer of authentication to the login process. 2FA usually takes the form of both a password as well as a one-time code sent to an email address or generated from an authentication app.
Advanced Persistent Threats (APT)
APTs are slow and persistent attacks that infiltrate a network and remain inactive until the ideal moment to steal information, shut down systems, or infect systems with ransomware.
A security breach occurs when someone without their own credentials is able to access one or more parts of your computer system or network. Security breaches can from anywhere, such as a stolen or cracked password or software vulnerabilities.
Cloud computing can take a variety of forms. For most businesses, this means moving its technology tools (e.g. email, spreadsheets, databases) off-site to a third-party destination. These destinations are large servers operated by businesses with robust cybersecurity tools, often much stronger than what an individual business could afford to build and implement.
The unlawful transfer and collection of a business’ confidential, proprietary, or financial information. Data theft can consist of email passwords, institutional logins, customer information, employee data, or any other information that third-parties should not have access to.
How information is converted into secret code that obscures the data within. Encryption breaks apart the data in a file so it’s unreadable unless you have the right encryption key, which then rearranges data into the right sequence.
A firewall blocks certain Internet Protocol (IP) addresses from accessing a computer or computer network. A firewall prevents employees and outsiders from accessing compromised websites, or from inbound requests from disreputable addresses.
Hardware or software that connects two networks for data sharing. Email communications use a gateway to pass messages back and forth, for example. Compromised gateways can lead to security breaches.
Accessing a computer or network without authorization. Hackers probe software or networks for vulnerabilities that can give them access to data not meant to be distributed.
An IP address is a code assigned to every computer that accesses the internet. Websites also have IP addresses, although most use web addresses instead.
A programming language designed to let you generate and modify website content. One of the most common languages in use today, there are several vulnerabilities, such as malicious code and Cross-Site Scripting (XSS).
Keylogging software (or hardware, in some cases) tracks a user’s keyboard entries, which can result in data loss and further cyber attacks for a business.
Shares of salacious or compelling social media posts that trick users into clicking on links, sharing videos, or liking content that’s fraudulent.
A portmanteau of “malicious software,” is an umbrella term for software and apps that, once installed, can result in data or information theft. Malware can also shut down (or even destroy) networks and computers, or hold logins for ransom (known as ransomware).
Network Behavior Analysis (NBA)
NBA helps keep networks secure through the analysis of user behavior. These tactics help uncover unusual or unsafe behavior by bad actors.
Code that’s developed openly, with its contents available for all to see. Open Source code is released under licenses that allow people to use or modify the software.
Phishing refers to tactics that use email in order to deceive recipients into giving up sensitive information. Phishers will often replicate emails from trusted senders, only to manipulate links or communications to have users submit data unwittingly.
Qualitative Risk Analysis
A way to evaluate risks to your computer system or network that assigns priorities to the level of risk something poses. Tiers are usually low, medium, or high.
Ransomware is a form of malicious software that, once installed, can render a user’s computer or login useless unless they pay a ransom to a hacker or hacking group.
Scamming attempts are similar to phishing attacks: a cyber criminal pretends to be an individual or institution they are not. Scammers may also email you about a financial transaction or say you’ve won a prize in order to get sensitive information from you.
Spearphishing is a more concerted, direct effort to pry one or more people for valuable information. Criminals identify a person within an organization with access to sensitive information, only to pose as an important person (e.g. a manager or c-suite executive) in order to get the recipient to share data.
Cyber criminals can impersonate a person within an organization via email, only for the recipient to send over sensitive materials under the assumption that the sender is who they say they are. Email spoofing preys on the victim not scrutinizing a message thoroughly enough before reacting.
Spyware is a category of malware designed to snoop on the user’s mobile device or computer. These tools can extract valuable information—sometimes by controlling the device remotely once hackers have access.
Active efforts to anticipate and find threats to your network. May include antivirus, firewall, or 24/7 monitoring components, particularly for business applications.
Another term for web address, URLs can often be spoofed either by intentional misspellings, fraudulent domain addresses (e.g. .co instead of .com), or characters that look similar to regular letters.
Virtual Private Network (VPN)
A VPN connects your computer to another server to transfer information. A business might use a VPN to give users access to its servers, whereas an individual might use a VPN to obscure their web traffic as an extra layer of protection.
Employee desks, desktops, and laptops. It’s advised that employees lock their computers when away from their workstation to prevent unauthorized users from accessing documents. Workstations should not have passwords written down anywhere near them, as this poses a security threat as well.
Excel document files. Excel files can contain malicious code that enables cybercriminals to obtain access to a computer or network.
A vulnerability in which attackers overwhelm a cloud platform with bogus traffic, thus blocking the service of legitimate users. It is a variant of the Distributed Denial of Sustainability (DDoS) attacks, which intentionally disrupts website functionality.
A Zero-day exploit is a software vulnerability that a software developer is unaware of. Developers then need to fix the issue as quickly as possible as it is able to spread until dealt with.
Knowing the ABCs of cybersecurity
These are just a few of the top cybersecurity terms you will want to know in order to stay safe online. The more you know about cybersecurity, the better prepared you are to keep you and your business network guarded against attack.