Business owners who want to know how to defend their systems and networks from cyber attacks need to learn some common terms and how they apply to their business. Knowledge is power, and in this case, knowledge can protect your business from a security breach and its aftermath. In this post, we’ll take a look at 12 common security terms that every small business owner needs to know.
Malware is software designed to disrupt, leak information, that silently hampers computer security and privacy. It is a class of software that includes a wide variety of threats. Attackers use it to infiltrate, disrupt, and exploit vulnerable computers. Forbes reports that 94% of malware sent to small businesses is delivered via email.
The term malware is often used interchangeably with the word virus, although a virus is actually only one form of malware. Like the biological creatures for which they are named, viruses infect computers—often unnoticed. Viruses spread by copying themselves from one computer to another. Other forms of malware include:
● Bots and botnets
Hackers continue to find new ways to cause problems. Ransomware is a malicious form of malware because it can totally disable a system. The attacker locks or encrypts the user’s computer until a ransom is paid, usually in Bitcoin currency. The most notorious example of ransomware is called WannaCry. The worldwide attack began in 2017, targeting Windows machines, and the typical ransom amount was $300-$600. Microsoft quickly issued security patches to guard against the attack, but not before WannaCry raked in millions of dollars for its perpetrators.
When you want to catch fish, you put out some bait. That’s the idea behind the phishing threat. A phishing attack occurs when a scammer impersonates a business, such as a bank, and fools an unsuspecting user into responding. The most common phishing attacks use emails dressed up to look legitimate and use some pretense to get the victim to click on a link. The action may result in the infection of the computer with malware, capture of sensitive information, or enlistment in a planned denial of service attack.
Phishing emails often try to scare the user into taking action with such warnings as security threats or imminent problems with online accounts. It’s important not to provide private information unless you are certain that you are dealing with a legitimate business. Watch for misspelled URLs and email addresses that look similar to the business the hacker is impersonating.
4. Social engineering
Technical craftiness is not the only weapon in the hacker’s arsenal. Social engineering is the manipulation of people to perform actions that threaten security. As with a phishing scam, hackers try to play on the psychological needs of the victim. When a user feels that something may have gone wrong with an online account, their response is the result of the hacker’s play on their emotions. Creating fear is not the only tactic. Attackers may attempt to gain the trust of a gullible receptionist to get physical access to computer systems. Or they may try to convince an employee that they are from IT and need the employee’s password. Social engineering is a game that attackers play to achieve their illicit objectives.
The term hacker generally refers to a person who uses computer skills to gain access to systems and networks without permission. Hacking is unauthorized intrusion into a computing environment. Variations of the term, however, can include people who actually have good intentions. A white hat hacker, also known as a security consultant or a penetration tester, attacks a client’s IT infrastructure for the purpose of identifying vulnerabilities. Hacking can also be thought of as using unconventional means to deal with computer problems.
6. Sensitive data
Some information must be closely guarded for legal, ethical, or business reasons. Access to sensitive data is limited using an array of security techniques so that unauthorized individuals cannot read or exploit its contents. Some data, such as financial information retained by banks, is highly confidential and under regulation by government agencies. Various privacy laws and codes of conduct require specific controls of critical or personal information.
7. Personally Identifiable Information (PII)
Any data that is unique to you is considered personally identifiable information (PII). That may include your Social Security number, your driver’s license number, your passport number, your bank account number, or your email address. Information that distinguishes you from others can be used by hackers to open credit cards or claim tax refunds. Identity theft has become a serious problem, and there are now services available to monitor it and notify you of any breaches.
In military terms, a breach occurs when an enemy breaks through a wall, barrier, or other defense. An IT security breach is when an unauthorized individual or application gets past the digital defenses created to keep them out. As on a field of battle, the defense of IT resources involves the establishment of a security perimeter that may include such devices as a firewall, an intrusion detection system, or a virtual private network.
In computing terms, a backup is an extra copy of data or an application that is stored in case something happens to the original. Backups may also be taken to archive data for historical purposes. There are different backup methods, such as full, partial, incremental, or differential. Having a backup, especially in a remote location, is an effective strategy for disaster recovery after data damage or loss.
While not a term unique to IT security, the cloud is an area of particular concern for IT security professionals. Whereas traditional IT environments used private data centers to retain data and applications, cloud infrastructures are exposed to potential tampering on the public internet. Cloud security management involves web application security, encryption, access controls, and other disciplines.
Not long ago, a great deal of information crisscrossing the internet was sent in clear text. Hackers with protocol analyzers could actually see a password or other sensitive data as it passed from a user’s computer to a network server. Encryption is the digital encoding of plaintext into a format that is only legible by another computer with a decryption key. Encrypting data keeps it hidden from the prying eyes of hackers.
The term vulnerability comes from the Latin word for “wounded”, and has the connotation of weakness. An IT element that is vulnerable is one that is susceptible to assault, damage, or intrusion by anyone who is intent on attacking it. But vulnerability extends beyond the risk of malicious attack. Systems or networks that are not well-designed and robust can also suffer from poor performance of failure. IT security deals with risks of both intentional and unintentional calamities.