Cybersecurity is a vast sector, one which incorporates countless aspects of offline and online vulnerabilities. More than that, it’s something that affects everyone from businesses and not-for-profit organisations to individuals in their everyday lives.
From the outside, it can seem like an overly complex topic, especially for those who aren’t tech-savvy.
One of the biggest barriers to entry is the sheer amount of jargon, acronyms and terminology that can overcomplicate cybersecurity and make people switch off towards the subject.
That’s why we’ve put together this guide to break cybersecurity terminology down into something that is easy for you and your staff to understand.
Let’s get started.
A Data Breach is a security incident in which your sensitive, private and often valuable data is stolen, viewed or used by an unauthorised individual. Breaches can involve anything from financial records to corporate intellectual property and represent one of the biggest threats to organisations.
An acceptable use policy is a set of guidelines, set out by an organisation, stating how employees are expected to use its resources and equipment.
Access controls are a method of security that manages and controls who or what is allowed to access a computer system or restricted area. It identifies who should have access and verifies details to decide whether to grant or deny access.
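As an added example, not part of the original guide, the following Python separates the two steps the definition describes: verifying that a person is who they claim to be (authentication) and then deciding whether that identity may act on a resource (authorisation). The users, passwords, roles and policy entries are constructed sample data, and anything the policy does not list is denied by default.

```python
"""Minimal access-control check (added example, constructed data)."""
import hashlib
import hmac

# Hash passwords with a per-user salt; the store never holds plaintext passwords.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT_ALICE = b"constructed-salt-1"
_SALT_BOB = b"constructed-salt-2"

# Constructed user store: who exists, how to verify them, and which roles they hold.
USERS = {
    "alice": {"salt": _SALT_ALICE,
              "hash": _hash_password("correct horse", _SALT_ALICE),
              "roles": {"finance"}},
    "bob": {"salt": _SALT_BOB,
            "hash": _hash_password("battery staple", _SALT_BOB),
            "roles": {"reception"}},
}

# Constructed policy: (role, action, resource) triples that are permitted.
# Any combination not present here is denied (deny by default).
POLICY = {
    ("finance", "read", "payroll"),
    ("finance", "write", "payroll"),
    ("reception", "read", "visitor-log"),
    ("reception", "write", "visitor-log"),
}


def authenticate(username: str, password: str) -> bool:
    """Verify the supplied credentials against the user store."""
    user = USERS.get(username)
    if user is None:
        # Do the same amount of work for unknown users so that a lookup
        # failure is not distinguishable from a wrong password by timing.
        _hash_password(password, b"constructed-dummy-salt")
        return False
    candidate = _hash_password(password, user["salt"])
    return hmac.compare_digest(candidate, user["hash"])


def authorise(username: str, action: str, resource: str) -> bool:
    """Decide whether any of the user's roles permits this action on this resource."""
    user = USERS.get(username)
    if user is None:
        return False
    return any((role, action, resource) in POLICY for role in user["roles"])


def access(username: str, password: str, action: str, resource: str) -> tuple:
    """Return ('granted'|'denied', reason), the way an audit log would record it."""
    if not authenticate(username, password):
        return ("denied", "authentication failed")
    if not authorise(username, action, resource):
        return ("denied", "not permitted by policy")
    return ("granted", "ok")


if __name__ == "__main__":
    for attempt in [("alice", "correct horse", "read", "payroll"),
                    ("alice", "wrong password", "read", "payroll"),
                    ("bob", "battery staple", "read", "payroll"),
                    ("bob", "battery staple", "write", "visitor-log")]:
        print(attempt[0], attempt[2], attempt[3], "->", access(*attempt))
```

The point worth noticing is the order of the checks: identity is verified first, and the policy lookup happens only afterwards, so a wrong password is never told which resources the account could have reached.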
Remote working is, quite simply, the act of doing your job away from the office, whether that’s editing a document on the train or checking your work emails at a coffee shop.
Working on the go can leave you open to dangerous threats, like social engineering and shoulder surfing.
Certain information must be protected so only the authorised individuals can access and view it. This process is known as maintaining information confidentiality.
Shoulder surfing is the practice of physically spying on another user’s electronic device to obtain their personal identification number, password and any other sensitive information.
A Clear Desk Policy directs all members of staff to maintain a clean working space throughout the day and file everything appropriately.
A clear desk policy can cover more than your physical desk: it can also apply to your computer, requiring that all files are stored in secure folders on your PC and that the computer is locked whenever you leave it unattended.
PCI DSS is an information security standard set out by the Payment Card Industry Security Standards Council to reduce fraud and increase the security around cardholder data.
The standard sets out requirements for how businesses should securely process, store, accept and transmit cardholder data during credit card transactions.
A data subject is any individual whose personal data is being collected, held or processed.
A risk register is used to document all known risks and helps to keep track of them. Risk registers should include the risk impact and likelihood, response taken, and who is responsible for monitoring the risk.
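As an added example that is not part of the original guide, the following Python shows how the fields listed above (impact, likelihood, response and owner) combine into a simple register: each entry is validated, scored as likelihood multiplied by impact on a 1 to 5 scale, given a high/medium/low rating, and the register is sorted so the most pressing risks come first. The scale, the rating thresholds and the three sample risks are constructed for illustration.

```python
"""Small risk register with scoring and prioritisation (added example, constructed data)."""
from dataclasses import dataclass

RESPONSES = {"treat", "tolerate", "transfer", "terminate"}  # assumed response options


@dataclass
class Risk:
    ref: str
    description: str
    likelihood: int  # 1 (rare) .. 5 (almost certain)
    impact: int      # 1 (negligible) .. 5 (severe)
    owner: str       # who monitors the risk
    response: str    # one of RESPONSES

    def score(self) -> int:
        """Likelihood x impact on a 5x5 matrix, so scores run from 1 to 25."""
        return self.likelihood * self.impact

    def rating(self) -> str:
        """Assumed thresholds: 15+ high, 8-14 medium, below 8 low."""
        s = self.score()
        if s >= 15:
            return "high"
        if s >= 8:
            return "medium"
        return "low"


def validate(risk: Risk) -> None:
    """Reject entries with out-of-range scores or an unknown response type."""
    for name, value in (("likelihood", risk.likelihood), ("impact", risk.impact)):
        if not isinstance(value, int) or not 1 <= value <= 5:
            raise ValueError(f"{risk.ref}: {name} must be an integer from 1 to 5")
    if risk.response not in RESPONSES:
        raise ValueError(f"{risk.ref}: response must be one of {sorted(RESPONSES)}")
    if not risk.owner.strip():
        raise ValueError(f"{risk.ref}: every risk needs a named owner")


def prioritise(register: list) -> list:
    """Validate every entry, then order highest score first (ties by reference)."""
    for risk in register:
        validate(risk)
    return sorted(register, key=lambda r: (-r.score(), r.ref))


def render(register: list) -> str:
    """Plain-text table of the prioritised register."""
    rows = ["ref   score rating  owner     response   description"]
    for r in prioritise(register):
        rows.append(f"{r.ref:<5} {r.score():>5} {r.rating():<7} {r.owner:<9} "
                    f"{r.response:<10} {r.description}")
    return "\n".join(rows)


# Constructed sample register.
SAMPLE_REGISTER = [
    Risk("R-1", "Staff fall for a phishing email", 4, 4, "IT lead", "treat"),
    Risk("R-2", "Laptop lost while working remotely", 3, 3, "Ops", "treat"),
    Risk("R-3", "Card data exposed through a supplier", 2, 5, "Finance", "transfer"),
]

if __name__ == "__main__":
    print(render(SAMPLE_REGISTER))
```

Sorting by score rather than by impact alone is the design choice here: a severe but rare event (R-3) ranks below a moderately damaging event that is quite likely (R-1), which is what the register is meant to make visible.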
A watering hole is a website, known to be visited by the intended victims, that a cybercriminal has infected with malware. The term comes from real-life watering holes, where animals such as hippos and alligators lie in wait before attacking the unsuspecting creatures that come to drink.
Social engineering covers techniques that cybercriminals use to gain access to sensitive business and personal information.
Cybercriminals can and will use a variety of methods to exploit people, from sending an email designed to make them panic to pretending to be a new employee who has lost their pass in order to get into restricted areas.
Phishing is the most common tactic used by cybercriminals to steal your data. At its most basic, it’s the act of creating realistic-seeming emails which are designed to get you to hand over your personal information.
These emails can mimic big companies, resemble an internal source or make an emotional plea. Awareness and vigilance against phishing are essential to protect your personal data and the data of your organisation.
Smishing is phishing carried out over SMS text messages rather than email.
Vishing is the use of phone calls to conduct phishing attacks.
Standard phishing attacks are sent to a broad range of individuals to increase the chances of landing a hit. However, some cybercriminals are interested in attacking a single, specific target.
For this, a technique called Spear Phishing is used.
This more targeted type of phishing uses specific details gleaned from research to create convincing, realistic phishing emails. The term ‘whaling’ is sometimes used when spear phishing targets top-level management.
Malware (a contraction of malicious software) is a term used to describe any kind of software that does unwanted things on your computer or device.
These nasties can include slowing your CPU, performing tasks of their own or locking your computer down and demanding a ransom. Some are also capable of tracking your activities and stealing your sensitive data, such as passwords and files.
Malvertising is a blend of the words ‘malicious’ and ‘advertising’: the practice of hiding malware in online advertisements.
Ransomware is a specific subset of malware which holds your data to ransom by encrypting all the data on your device or system and demanding payment to return it to an unencrypted state.
Many ransomware attacks feature a countdown timer and will delete your data unless you make payment.
Stalkerware is a class of software, designed for smartphones, that records your location, the websites you visit, the apps you use and virtually any other data that passes through the phone, and then passes that information on to another individual.
In computing terms, Encryption is the process of encoding data so that only authorised parties holding the right decryption key can view or edit it. This is widely used for security purposes, but is also used by designers of Ransomware to lock users out of their own data.
In its basic form, a Keylogger can be either a physical piece of hardware or a piece of software that intercepts signals from your keyboard and records every keystroke you make.
Keyloggers intercept the communication between your keyboard and computer, then transmit that information to a third party.
A VPN, or Virtual Private Network, is a tool that’s used to make web traffic anonymous by masking the location and encrypting traffic. VPNs are used in business to create secure channels to private servers and in the public sphere to secure browsing and access websites which are region-locked.
SSL, or Secure Sockets Layer, is a widely used website security protocol that encrypts data sent between you and a website. With an SSL Certificate in place, when your web browser connects to a secured, certificated website the connection is encrypted. This protocol has replaced the TLS, or Transport Layer Security.
You can tell whether a website has an SSL certificate by checking for a closed padlock icon at the left of the website’s URL.
A Botnet is a network of compromised computers or computer systems, sometimes called a ‘Zombie Network’. To create a malicious botnet, a cybercriminal will compromise several computers and instruct them to run automated programmes on the systems simultaneously.
This can then be used to spread viruses, launch phishing campaigns or crash web servers.
A DoS Attack, or Denial of Service Attack, is when a single computer is used to flood a targeted system with traffic, rendering it unable to function for a period.
What is a DDoS Attack?
A DDoS Attack, or Distributed Denial of Service Attack, is when many computers are used to flood a targeted system. These are typically delivered by botnets and are usually global in nature, used to take down larger targets and cause widespread disruption.
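As an added example that is not part of the original guide, the following Python shows the defender's view of the two definitions above: it reads web-server access log lines, counts requests per source address over a sliding time window, flags any source that exceeds a threshold, and then reports whether the flood came from a single source (the DoS pattern) or from many (the DDoS pattern). The log lines, addresses, window size and threshold are all constructed for the example.

```python
"""Flood detection over access-log lines (added example, constructed data)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common-log-format style line: ip ident user [timestamp] "request" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
T0 = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)  # constructed start time


def make_lines(ip: str, start: datetime, count: int, spacing_s: float) -> list:
    """Build constructed log lines: `count` requests from `ip`, `spacing_s` apart."""
    return [
        f'{ip} - - [{(start + timedelta(seconds=i * spacing_s)).strftime(TS_FORMAT)}] '
        f'"GET / HTTP/1.1" 200 512'
        for i in range(count)
    ]


def parse_line(line: str):
    """Return (ip, timestamp) for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FORMAT)


def detect_floods(lines: list, window_s: int = 10, threshold: int = 30) -> dict:
    """Map each source address that sent >= threshold requests within any
    window_s-second window to the time at which it first crossed the line."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e[1])
    recent = defaultdict(deque)  # per-ip timestamps inside the current window
    flagged = {}
    for ip, ts in events:
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def classify(flagged: dict) -> str:
    """Describe the pattern: nothing, one offending source, or many."""
    if not flagged:
        return "no flood detected"
    if len(flagged) == 1:
        return "single-source flood (DoS pattern)"
    return f"multi-source flood from {len(flagged)} addresses (DDoS pattern)"


# Constructed scenarios (documentation/test address ranges, not real hosts).
NORMAL_LOG = make_lines("198.51.100.4", T0, 5, 2.0)
SINGLE_SOURCE_LOG = make_lines("203.0.113.7", T0, 40, 0.1) + NORMAL_LOG
DISTRIBUTED_LOG = [
    line for n in range(1, 11) for line in make_lines(f"192.0.2.{n}", T0, 35, 0.2)
] + NORMAL_LOG

if __name__ == "__main__":
    for name, log in [("normal", NORMAL_LOG),
                      ("single source", SINGLE_SOURCE_LOG),
                      ("distributed", DISTRIBUTED_LOG)]:
        print(f"{name}: {classify(detect_floods(log))}")
```

Per-source counting is what separates the two cases: a single address exceeding the threshold is easy to block at the edge, whereas the distributed case shows many addresses each crossing it, which is why the text describes DDoS as harder to absorb and usually botnet-driven.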
ISO (International Organization for Standardization) 27001 is a part of the ISO 27000 family, a group of international standards for Information Security Management Systems (ISMS). It helps organisations to follow best practices to mitigate cyber threats.
Tethering is the sharing of your phone or mobile network-capable device’s internet with your computer. This can be done wirelessly or through a wired connection.