Security matters: cyber security jargon buster

Cyber security is (or should be) at the forefront of your mind as a small business. No matter the size of your business or the industry you work in, legions of attackers would like nothing more than to breach your defences and steal your most precious secrets and finances.

But to the untrained, the world of security can seem alien, and often the sheer number of terms used can feel like a foreign language.

To help with that, here is our list of some of the most widely used terms in cybersecurity.

Viruses, Malware, Worms, etc.

We’re all generally aware of ‘viruses’, and the threat they pose, but there are a few nuances to this type of threat.

Viruses can be considered as similar to the viruses (cold, flu, etc.) that we all as human beings tend to find very hard to avoid. Just like viruses spread from person to person through close contact, so viruses can spread between computers on your network.

They are usually spread through emails, or infected files. If a user clicks on an infected file, for example, that could cause the virus to infect the files on their computer, which in turn might ultimately be used to infect someone else’s system.

Malware is basically any type of software designed to cause damage. It can be used to record keystrokes for stealing password information, or even erase the data on a hard drive.

Ransomware is a particular type of malware that locks the files and folders on a computer, making them inaccessible without access to a ‘key’, that the attacker will kindly offer to sell you (usually for a large number of Bitcoins). The problem is cybercriminals rarely actually unlock your data even if they are paid. You can protect your data from ransomware by ensuring it is safely backed up – to the cloud or another offsite location ideally.

Worms are malware programs that, once on a system, replicate themselves and spread to other systems on the network. Unlike viruses that depend on some kind of action (often unknowing) from the user, worms can seek out network vulnerabilities and spread by themselves.

Spyware is software used to monitor the activity of a user. It is often bundled with legitimate-looking software to deceive the user into running it and can be used as a way of collecting user data – like passwords or financial information.

Phishing is usually carried out in the form of an email, pretending to be from a real business or someone you know. Phishing emails tend to contain a file that you are encouraged to open, or a link to take you to a malicious website. Training employees to spot phishing emails is a great way to reduce the risk of catching viruses or inadvertently giving away sensitive information.

Antivirus software

Also known as antimalware, this type of software will scan for known viruses, helping to block potential threats. Because new threats are emerging all the time, antivirus software should be kept up to date. Often, antivirus software will monitor your system in the background, but you should also plan to do a more thorough ‘full’ scan at regular intervals.

Hackers and breaches

Hackers are those criminals who love nothing more than to probe your network and systems, looking for vulnerabilities. Their intent is usually to do some kind of harm to your network and/or to steal valuable information.

If a hacker manages to gain access to your network, this is considered a breach. UK government research reports that 39 per cent of businesses suffered a security breach in the 12 months to March 2021.

Hackers will often take advantage of vulnerabilities in your network; that is, the weaknesses of your various connected devices. Many vulnerabilities can be reduced simply by keeping antivirus software, operating systems and firewalls up to date.

Endpoints

Speaking of connected devices, the weakest (or at least most susceptible to attack) parts of your network are often the endpoints. Every device connected to your network is an endpoint – from desktop and laptop computers to mobile devices and even printers and point-of-sale (POS) equipment. It is important to keep your endpoint devices well protected with strong and unique passwords as well as up-to-date antivirus software.

Firewalls can be made up of software, hardware or, often, both. They are the first line of defence for your business network and – as long as they are up to date – can help filter out much malicious content before it is able to cause any harm.

Penetration and vulnerability testing

Penetration and vulnerability testing are crucial ways to assess the security risks to your business. By discovering and evaluating the weak points in your systems and network they can be used to help bolster your defences.