Cybersecurity is a vast sector incorporating countless aspects of offline and online vulnerabilities. More than that, it affects everyone, from businesses and not-for-profit organisations to individuals in their everyday lives.
From the outside, it can seem like an overly complex topic, especially for those who aren’t tech-savvy. One of the biggest barriers to entry is the sheer amount of jargon, acronyms and terminology that can overcomplicate cybersecurity and make people switch off towards the subject.
That’s why we’ve put together this guide to break cybersecurity terminology down into something easy for you and your staff to understand.
Let’s get started.
An acceptable use policy is a set of guidelines set out by an organisation that states how employees are supposed to use its resources and equipment.
Access control is a security method that manages who or what is allowed to access a computer system or restricted area. It identifies who should have access and verifies their details to decide whether to grant or deny it.
An antivirus is a type of software program that scans for and removes malware from devices.
A Botnet is a network of compromised computers or computer systems, sometimes called a ‘Zombie Network’.
To build a botnet, a cybercriminal compromises many computers and instructs them to run automated tasks simultaneously.
The botnet can then be used to spread viruses, launch phishing campaigns or crash web servers.
Bring Your Own Device (BYOD) is a policy that allows employees to use personal devices instead of company devices to connect to an organisation’s network and access business applications and data.
A Clear Desk Policy directs all staff members to maintain a clean working space throughout the day and file everything appropriately.
A clear desk policy can cover more than your physical desk; it can also cover your computer, requiring that all files are kept in secure folders on your machine and that your computer is locked whenever you leave it unattended.
A Data Breach is a security incident in which your sensitive, private and often valuable data is stolen, viewed or used by an unauthorised individual. Breaches can involve anything from financial records to corporate intellectual property and represent one of the biggest threats to organisations.
A data subject is any individual whose personal data is being collected, held or processed.
The Dark Web is encrypted web content that isn’t indexed by search engines or accessible through standard web browsers. Users need specialised software to access it, such as the Invisible Internet Project (I2P) or the Tor browser. These tools route your web page requests through third-party servers, hiding your IP address.
A DDoS attack, or Distributed Denial of Service attack, is when many computers are used at once to flood a targeted system. These are typically delivered by botnets and are usually global in nature, used to take down larger targets and cause widespread disruption.
A digital footprint is a unique trail of personal data every internet user leaves behind when engaging in digital activities. This data is typically publicly available and can be used to impersonate you. To learn more, why not check out our Digital Footprint course?
A DoS attack, or Denial of Service attack, is when a single computer is used to flood a targeted system, rendering it unable to function for a period.
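The difference between a DoS and a DDoS attack is visible in a web server's access log: one source sending a flood versus many sources each sending a little. The following detection routine is an added example (not part of the original guide) that runs over constructed, simplified log lines; the thresholds are assumptions and would be tuned to a server's normal traffic.

```python
import re
from collections import Counter

# Constructed access-log samples in a simplified "<ip> - [<time>] <request>" shape.
# Addresses come from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
LOG_DOS = ["203.0.113.9 - [12:00:%02d] GET /login HTTP/1.1" % (i % 60) for i in range(120)]
LOG_DOS.append("198.51.100.4 - [12:00:05] GET /about HTTP/1.1")
LOG_DDOS = ["198.51.100.%d - [12:00:%02d] GET / HTTP/1.1" % (i % 250 + 1, i % 60)
            for i in range(300)]
LOG_NORMAL = [
    "198.51.100.4 - [12:00:05] GET /about HTTP/1.1",
    "198.51.100.7 - [12:00:06] GET /contact HTTP/1.1",
    "203.0.113.9 - [12:00:07] POST /login HTTP/1.1",
]

LINE_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) - \[(?P<time>[^\]]+)\] (?P<req>.+)$")


def count_by_source(lines):
    """Count requests per source IP, ignoring lines that do not parse."""
    counts = Counter()
    for line in lines:
        match = LINE_RE.match(line)
        if match:
            counts[match.group("ip")] += 1
    return counts


def classify_flood(lines, per_source_threshold=50, total_threshold=200):
    """Label one window of log lines as 'normal', 'dos' or 'ddos'.

    'dos'  : a single source alone exceeds per_source_threshold (one machine flooding).
    'ddos' : total volume exceeds total_threshold while no single source dominates
             (many machines, e.g. a botnet, each sending a little).
    Both thresholds are assumed values for this demo, not recommended settings.
    """
    counts = count_by_source(lines)
    total = sum(counts.values())
    top_ip, top_count = (counts.most_common(1) or [(None, 0)])[0]
    if top_count > per_source_threshold:
        return "dos", {"source": top_ip, "requests": top_count}
    if total > total_threshold:
        return "ddos", {"sources": len(counts), "requests": total}
    return "normal", {"sources": len(counts), "requests": total}


if __name__ == "__main__":
    for name, log in (("dos", LOG_DOS), ("ddos", LOG_DDOS), ("normal", LOG_NORMAL)):
        print(name, classify_flood(log))
```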
In computing terms, encryption is the process of encoding data so that only authorised parties holding the right decryption key can view or edit it. It is widely used for security purposes but is also used by the designers of ransomware to lock users out of their own data.
A firewall is a network security device that filters all network traffic (incoming and outgoing) to prevent unauthorised access, based on predetermined security rules. It's important to note, however, that firewall rules must be continually updated in order to remain effective.
Information confidentiality is the principle that certain information must be protected so that only authorised individuals can access and view it.
The Internet of Things (IoT) is a network of physical objects with embedded sensors that connect to and exchange data over the internet in real time.
ISO (International Organization for Standardization) 27001 is a part of the ISO 27000 family, a group of international standards for Information Security Management Systems (ISMS). It helps organisations to follow best practices to mitigate cyber threats. Learn more about ISO 27001 here.
In its basic form, a keylogger is either a physical piece of hardware or a software program that intercepts signals from your keyboard and records every keystroke you make.
Keyloggers intercept the communication between your keyboard and computer before transmitting that information to a third party. To learn more about keyloggers, read our article here.
Malvertising is a blend of the words ‘malicious’ and ‘advertising’: the practice of embedding malware in online advertisements.
Malware (a contraction of malicious software) is a term used to describe any software that does unwanted things on your computer or device.
These nasties can include slowing your CPU, performing tasks of their own or locking your computer down and demanding a ransom. Some can also track your activities and steal sensitive data, such as passwords and files. Click here for our article breaking down the types of malware.
Multi-factor authentication (MFA) is an authentication method where users must prove their identity using at least two different types of credential before receiving access. It is increasingly standard online and is often referred to as two-factor authentication (2FA).
The NIST Cybersecurity Framework is a set of cybersecurity best practices that organisations can use to manage their security risks. The framework is voluntary guidance.
PCI DSS is an information security standard set out by the Payment Card Industry Security Standards Council to reduce fraud and increase the security around cardholder data.
The standard sets out requirements for how businesses should securely process, store, accept and transmit cardholder data during credit card transactions. To learn more about PCI DSS, click here.
Penetration testing, known colloquially as pen testing, is a simulated cyber-attack against a web application, computer system or network. Its goal is to find any vulnerabilities that could be exploited by threat actors and to test the defenders’ security posture.
Phishing is the most common tactic cybercriminals use to steal your data. At its most basic, it’s the act of creating realistic-seeming emails designed to get you to hand over your personal information.
These emails can mimic big companies, resemble an internal source or make an emotional plea. Awareness and vigilance against phishing are essential to protect your personal data and your organisation's data.
Ransomware is a specific subset of malware which holds your data to ransom by encrypting all the data on your device or system and demanding payment to return it to an unencrypted state.
Many ransomware attacks feature a countdown timer and will delete your data unless you make a payment.
Remote working is, quite simply, the act of doing your job away from the office, whether that’s editing a document on the train or checking your work emails in a coffee shop.
Working on the go can leave you open to dangerous threats, like social engineering and shoulder surfing.
A risk register is used to document all known risks and helps to keep track of them. Risk registers should include the risk impact and likelihood, response taken, and who is responsible for monitoring the risk.
Shoulder surfing is the practice of physically spying on another user’s electronic device to obtain their personal identification number, password and any other sensitive information.
Smishing is phishing carried out over SMS text messages by social engineers.
Social engineering covers techniques cybercriminals use to access sensitive business and personal information.
Cybercriminals can and will use a variety of methods to exploit people, from sending an email designed to make them panic to pretending to be a new employee who has lost their pass in order to get into restricted areas.
Standard phishing attacks are sent to a broad range of individuals to increase the chances of landing a hit. However, some cybercriminals are interested in attacking a single target.
For this, a technique called spear phishing is used.
This more targeted type of phishing utilises specific details gleaned from research to create truly effective and realistic phishing emails. Sometimes the term ‘Whaling’ is used when spear-phishing targets top-level management.
SSL, or Secure Sockets Layer, is a widely used website security protocol that encrypts data sent between you and a website. With an SSL certificate in place, the connection is encrypted when your web browser connects to the secured and certificated website. This protocol has replaced TLS, or Transport Layer Security.
You can tell whether a website has an SSL certificate by checking if there’s a closed padlock icon at the left of a website's URL.
Stalkerware is a class of software designed for smartphones that records your location, the websites you visit, the apps you use and virtually any other data that passes through your smartphone. It then passes that information on to an individual.
Tethering is the sharing of your phone or mobile network-capable device’s internet with your computer. This can be done wirelessly or through a wired connection. This is typically more secure than using an open public WiFi.
Vishing is the use of phone calls to conduct phishing attacks. These calls will purport to be from a legitimate source, like the Royal Mail, Amazon or your bank, but will, in fact, be scammers looking to utilise psychological principles like fear to convince you to hand over your personal information.
A VPN, or Virtual Private Network, is a tool that makes web traffic anonymous by masking the location and encrypting traffic. VPNs are used in business to create secure channels to private servers and in the public sphere to secure browsing and access websites which are region-locked.
A watering hole is a website that has been infected with malware by a cybercriminal. The term comes from real-life watering holes, which are used by animals like hippos and alligators to hide in before launching attacks on unsuspecting creatures.
Whaling is a type of phishing attack that targets high-level executives. Whaling attacks typically involve complex and hard-to-spot social engineering efforts that use knowledge about an executive’s professional and personal network against them.
Don't forget to bookmark this page in your browser so you can refer to it the next time you're confused by some cybersecurity jargon!