Tech Networks of Boston | Blog

Nonprofit Cybersecurity Cheat Sheet

Written by Ashley Fontes | Aug 7, 2017 8:47:04 PM

Ransomware…Spoofing…Spear-Phishing….

With cybersecurity in the headlines every day, it’s important to know what the terms mean to better educate yourself and your users. We’ve made a cheat sheet of cybersecurity jargon that you need to know.

Authentication: A process, such as a login and password combination, used to identify a user, process, or device prior to granting access to a system. Two-factor authentication is a verification process using several elements or stages, such as a verification code sent to an email or phone number in addition to a login and password.

Bring your own device (BYOD): The authorized use of personally owned mobile devices such as smartphones or tablets in the workplace.

Brute force attack: The attempt to gain access to a network using repeated guesses at passwords or Data Encryption Standard keys.

Business Continuity Management: Preparing for and maintaining continued business operations following disruption or crisis.

Business Continuity Plan: The process of creating systems of prevention and recovery to deal with potential threats to a company.

Clickjacking: An exploit in which malicious coding is hidden beneath apparently legitimate buttons or other clickable content on a website.

Cryptolocker: A Trojan ransomware that encrypts files on an affected system and demands ransom for recovering the data back. It first appeared on the Internet in 2013 and was targeted at Windows-based computers.

Cybersecurity: Broad term referring to the practice of keeping computers and electronic information safe and secure.

Denial of Service attack (DoS): A security event that occurs when an attacker takes action that prevents legitimate users from accessing targeted computer systems, devices or other network resources.

Digital forensics: The process of uncovering and interpreting electronic data.

Disaster recovery: Involves a set of policies, procedures and tools to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster.

Encryption: Encryption prevents unauthorized access to your data, from emails to bank details, by keeping communication secure between the parties involved. Encryption is available through software, but most computer systems are already set up to encrypt all of your data.

Endpoint Security: In network security, endpoint security refers to the methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats.

Exploit: A piece of code that uses software vulnerabilities to access information on your PC or install malware.

Firewall: Monitors and controls the incoming and outgoing traffic based on predetermined security rules.  Establishes a barrier between a trusted, secure internal network and untrusted networks (e.g. internet).

IT Security Assessment: An explicit study to locate IT security vulnerabilities and risks.

Malware: Short for "malicious software," is any program or file embedded into a system to run an unauthorized process for the purposes of capturing information, sabotaging the system, holding it for ransom, or other negative actions.

Phishing: A social engineering method to try to trick a user into providing sensitive information. An example of this would be a spoofed email message, which appears to come from a legitimate IP address belonging to a bank or major Internet site. The email requests the target enter their login and password or financial information. Spear phishing is the same type of approach, but with information targeting a specific individual or organization.

Ransomware: A type of malicious software designed to block access to a computer system until a sum of money is paid.

Social Engineering: The art of manipulating people so they give up confidential information, whether it be passwords, bank information, or access to your computer to install malicious software.

Spoofing: Sending an email disguised to look like it is coming from someplace besides its actual origin. The IP address may be changed, the email address may mimic a known domain, and the email formatting may imitate the design attached to a well-known company or site.

Spyware: Malware that passes information about a computer user’s activities to an external party.

Virus: Malware that is loaded onto a computer and then run without the user’s knowledge or knowledge of its full effects.

Watering hole: A specific website that attackers have identified as being frequently visited by their intended target. The attacker places malicious links to malware on the site in the hope that the target will be infected when they go there.

Zero day: A software exploit that hasn’t been disclosed or patched by the software vendor.

If you are concerned with any of these security issues, please contact us -- we can cost-effectively improve your organization’s IT security with an IT Security Assessment, Phishing Testing, and Security Awareness Training.