Be honest. When you hear or read the words ‘cyber security’, do your eyes glaze over and does ‘I don’t need to worry about this’ or ‘cybercrime won’t happen to me’ pop into your mind? The only problem is that you do need to consider it, as the chances of experiencing a cyberattack are very real.
A suspicious text on your phone asking for payment, or an email from someone purporting to be a colleague asking you to send over business-critical documents, are just a couple of the cyber threats that can happen to anyone at any time.
Staying cyber resilient is so important to your business and, yes, the terminology that comes with it can be rather intimidating at times. At the Cyber Resilience Centre for Wales (WCRC) we are fully committed to making all things cyber-related much more digestible for small businesses, especially ones that don’t have the internal IT support that a lot of the bigger companies have access to.
To get you started, below is a list of the most frequently used cyber terms and what they mean.
2FA - Two-factor authentication is the use of two different components to verify a user's claimed identity. Also known as multi-factor authentication (see below).
Anti-virus - Software that is designed to detect, stop and remove viruses and other kinds of malicious software.
Breach/data breach - An incident in which data, computer systems or networks are accessed or affected in a non-authorised way.
Encryption - A mathematical function that protects information by making it unreadable by everyone except those with the key to decode it.
Malware - Malicious software is a term that includes viruses, trojans, worms or any code or content that could have an adverse impact on organisations or individuals.
MFA - An authentication method that requires the user to provide two or more verification factors to gain access, also known as two-factor authentication (2FA).
Patching - Applying updates to firmware or software to improve security and/or enhance functionality.
Phishing - A cybercrime in which one or more targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
Ransomware - Malicious software that makes data or systems unusable until the victim makes a payment.
Smishing - Phishing via SMS: mass text messages sent to users asking for sensitive information (e.g. bank details) or encouraging them to visit a fake website.
Social engineering - Manipulating people into carrying out specific actions, or divulging information, that's of use to an attacker.
Spyware - Spyware is a type of malware designed to collect and steal the victim’s sensitive information, without the victim’s knowledge. Trojans, adware and system monitors are different types of spyware. Spyware monitors and stores the victim’s internet activity (keystrokes, browser history, etc.) and can also harvest usernames, passwords, financial information and more. It can also send this confidential data to servers operated by cyber criminals so it can be used in subsequent cyberattacks.
Virus - Programs which can self-replicate and are designed to infect legitimate software programs or systems. A form of malware.
VPN - A virtual private network (VPN) is an encrypted network often created to allow secure connections for remote users, for example in an organisation with offices in multiple locations.
Vulnerability - A weakness, or flaw, in software, a system or process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system.