20 important cybersecurity terms SMBs should know

As a busy business owner, it’s often hard to keep ahead of cyber threats and information security. Even the largest organisations struggle to keep pace with the ever changing face of IT security and the challenges it poses. Here are 20 important cybersecurity terms you should know.

FacebookTwitterLinkedIn
20 important cybersecurity terms SMBs should know - 2019 Update

1 November 2019 | SMB, Digitalisation, Cybersecurity | 7 min read

To help SMB owners better understand we’ve put together a glossary of cybersecurity terms. These are the terms small business are most likely to encounter. By having an understanding of these meanings you’ll be able to better identify risks and protect your sensitive data.

Click on the word or phrase below to jump to the explanation:

Backdoor
The term backdoor, is often heard in the context of tech companies providing access to government agencies to personal or business information not normally available to other entities. However, it can also take the form of malware that sidesteps normal security to access sensitive information remotely. This can be used for data theft, DDoS attacks, and to infect visitors to a website.

Bot/Botnet
As the name suggests, a bot is a script or application that can run automated tasks. They can be used for good (think Google bots crawling for content for search) or bad.

When used for bad, a bot can be commanded to perform certain functions, such as spam comment sections of websites, or purchase tickets for events to resell at a higher value. A Botnet is when a number of computers are infected and controlled by a single source, usually to conduct an orchestrated attack.

Business Email Compromise
This is when email fraud, usually via a phishing attack, is used to steal money from a business. Most commonly it comes in the form of an email impersonating an executive within the business requesting an action from the business. In most cases the action will be a transfer of funds.

Captcha
CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. Put simply, it is a way for websites to determine whether it is a person using a website and entering information on a form on a website, or a bot, attempting to maliciously infect a site. You may have used a CAPTCHA that asks you to determine obscured letters or pick images that contain certain elements.

DoS/DDoS
DoS stands for Denial of Service. The goal of such an attack is to overwhelm a website’s services with traffic. A DDoS attack uses multiple computers or sources to flood a website/server with requests. The goal of these attacks is to render a service or website unavailable, disrupting commerce and many other functions your business and employees require.

Encryption
Encryption is a process whereby messages are encoded in a way that only the sender and receiver are able to decode. This is designed to make any interception unintelligible and therefore impossible to use maliciously. Most common examples are messaging services such as Telegram or Whatsapp that employ end-to-end encryption.

Endpoint Protection
Also known as Endpoint Security, this method aims to protect a network when being accessed by remote devices, like an employee’s laptop or mobile device. Through the use of software, Endpoint Security allows a business to restrict employee or device access or identify and manage access in order to reduce the associated risks. Many will be familiar with Virtual Private Networks (VPN), which are often required by companies in order for staff to access systems externally.

Firewall
Firewalls are designed to protect unauthorised access to a network. Most people are aware of firewalls through their security software, but they can be part of hardware as well. A firewall is designed to keep unauthorised traffic out, usually by designing a set of rules that excludes bad actors, and protects you and your business’ website from harm.

Identity Theft
One of the more concerning forms of theft around. Identity Theft involves gathering and stealing information about a person in order to impersonate them. Common forms of theft would be accessing their online services or bank accounts.

IP address/spoofing
An IP (Internet Protocol) address is a number assigned to any device or network connected to the internet. These addresses define who communication occurs between on the internet. For example, your computer and a website. Spoofing is when an intruder pretends to be on a trusted IP address to gain access to a network without the need for a password or other identifying factors. This is often used in DDoS attacks.

Keylogger
Otherwise known as Keystroke Logging, this refers to a program that records the keys that are used on a keyboard when someone is using a computer or other device. Apart from being used by IT departments to troubleshoot issues on a computer or network, when it comes to cybersecurity, they can be used to gain access to steal passwords, credit card, or secure business information.

Malware
A shortened term for Malicious Software. Malware is any software program or file that is designed to harm a computer or conduct malicious functions such as stealing sensitive data and performing other tasks without a user’s knowledge. Common forms of Malware include trojan horses, spyware, worms, and keyloggers.

Phishing
Phishing is one of the one of the most common cyber attacks a regular person will face - at work or at home. Phishing scams impersonate trusted sources, such as an email or form on a website, in order to obtain sensitive information, including passwords to bank accounts, online payment systems, and much more. The term is derived from fishing, where it is seen as an attempt to hook a user into providing information using bait.

Ransomware
Ransomware became increasingly popular with the advent of Bitcoin. Most commonly, malware will lock up your computer or data and held hostage until you pay a ransom. In the case of personal users, this might mean your computer is held captive, until you pay a ransom amount in Cryptocurrency (such as Bitcoin). The reason cryptocurrency is chosen is because it is virtually untraceable. For businesses, this can be much worse as business critical data or systems are disabled. There is no guarantee payment will secure release.

SSL
SSL refers to Secure Sockets Layer. Almost all websites use an SSL certificate which authenticates a website and encrypts the links between networks, helping to improve the security of websites you access. You’ll notice a website uses SSL when it displays HTTPS in the browser’s address bar or a lock is shown next to the web address in the address bar.

More recently, Google decided to preference websites in their search results that use SSL and it’s something that all businesses should consider. It’s not just for security but also to improve search results.

Threat Management
Refers to all the security measures that are implemented by a business or organisation in order to combat any and all threats. This may include both software solutions such as anti-virus applications, as well as hardware measures.

Trojan Horse
Taking its name from the Greek Trojan Horse used in the Trojan Wars, computing trojans, work in a similar way. Trojans are often downloaded intentionally as users believe they serve a function as part of an application downloaded from the internet, or as an attached file in an email from a trusted source. They create a backdoor that gives a hacker access to a computer or network.

Virus
A virus is a type of malware that will replicate itself to spread infection to other computers and networks. A virus can be used for everything from simply modifying information on the infected device to causing physical damage.

Vulnerabilities
These are weaknesses in a network or system that create the circumstances for compromise, and exploitations, from theft to viruses, and other malwares. Vulnerabilities can occur when there is no firewall or security and other applications are not kept up-to-date, or have yet to be discovered.

Zero-Day Exploit
Zero-day refers to an attack that is carried out the day an exploit or vulnerability is discovered. Such exploits can go undiscovered for days and sometimes months. This means unfettered access for hackers and untold damage until discovery, or until there has been a chance to resolve the cause of the vulnerability.

Other articles you might like

How the Productivity Solutions Grant helps SMBs stay competitiveShare
Nov 2024 | Business Connect
SMB, digitalisation
How the PSG helps SMBs stay competitive
Innovation and technology need not be out-of-reach and expensive. For SMBs willing to take the jump, the Productivity Solutions Grant (PSG) helps to support companies keen on adopting IT solutions.
5 basic SMB cybersecurity tips that still work todayShare
Nov 2024 | Business Connect
SMB, cyber security, cloud, digitalisation
5 basic SMB cybersecurity tips that still work today
Owing to their smaller sizes and lack of resources compared to larger enterprises, SMBs can become easier targets for cyber criminals. By following these tried-and-tested cybersecurity best practices, they can reduce the odds of cyber incidents today.
5 things to consider when choosing your business broadbandShare
Nov 2024 | Business Connect
SMB, digitalisation, connectivity
5 things to consider when choosing your business broadband
Whether you are a new business setting up broadband for your office, or you're looking to switch to another plan, keep in mind these five questions before you make the decision.

Ready to get more out of digitalising your business?