Cyberattacks continue to grow in scale, ferocity, and audacity. No one is safe. Large corporations are a target because hackers see the potential payoff as huge. Small companies are vulnerable too because they don’t have the financial muscle needed to invest in sophisticated security systems. Now more than ever, businesses must do whatever it takes to keep their data and tech infrastructure safe. If non-techie employees understand key cybersecurity terms, they’ll have a much better chance of making the right security decisions. There are thousands of cybersecurity terms but no one (techie or otherwise) is under obligation to know all of them. Some terms are, however, more important than others and these are the ones all staff must be aware of.

Note that knowing these cybersecurity terms is more than just mastering the definitions. Rather, it’s being able to understand the patterns and behavior that define them.

1. Adware

Adware is a set of programs installed without explicit user authorization that seek to inundate the user with ads. The primary aim of adware is to redirect search requests and URL clicks to advertising websites and data collection portals.

While adware mainly aims to advertise a product and monitor user browsing activity, it also slows down browsing, page loads, and device performance, eats into metered data, and may even download malicious applications in the background.

2. Botnet

A botnet is simply a collection of Internet-enabled devices (and they can number in the millions) such as computers, smartphones, servers, routers, and IoT devices that are under a central command and control.

Botnets are infectious and can be propagated across multiple devices. Botnet is a portmanteau of “robot” and “network.” Some of the largest and most dramatic cyberattacks in recent times have involved botnets, including the destructive Mirai malware that infected IoT devices.

3. Cyber-espionage

When you hear the term espionage, what first comes to mind is the world in a bygone era. But espionage is as alive today as it was a century ago. The difference is that thanks to the proliferation of information technology and the ubiquity of the Internet, espionage can now be executed electronically and remotely.

Cyber-espionage is the gathering of confidential information online via illegal and unauthorized means. As you’d expect, the primary targets of cyber-espionage are governments and large corporations. China has been in the news in this regard, though other world powers such as the United States and Russia have been accused of doing the same at some point.

4. Defense-in-depth

Defense-in-depth is a cybersecurity strategy that involves creating multiple layers of protection in order to protect the organization and its assets from attack. It’s born out of a realization that even with the best and most sophisticated technical controls, no security is ever 100 percent impenetrable.

With defense-in-depth, if one security control fails to prevent unauthorized access, the intruder will run into a new barrier. It’s unlikely that many hackers will have the knowledge and skills to surmount these multiple barriers.

5. End-to-end encryption

End-to-end encryption is a means of securing and protecting data that prevents unauthorized third parties from accessing it at rest or in transit. For instance, when you shop online and pay with your credit card, your computer or smartphone has to relay the credit card number you provide to the merchant for authentication and payment processing.

If your card details fall into the wrong hands, someone could use them to make purchases without your permission. By encrypting the data during transmission, you make it harder for third parties to access your confidential information.

6. Firewalls

A firewall is a defense mechanism that is meant to keep the bad guys from penetrating your network. It’s a virtual wall that protects servers and workstations from internal and external attack. It keeps tabs on access requests, user activity, and network traffic patterns in order to determine who can and cannot be allowed to interact with the network.

7. Hashing

Hashing is an algorithm for encrypting passwords from plain text into random strings of characters. It’s a security method that transforms fixed-length character strings into a shorter value that represents them. That way, if an intruder somehow gets through to the password file or table, whatever they see will be text that is useless to them.
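To show what such a password file or table actually holds, here is an added example (not code from the original article). It uses Python's standard-library PBKDF2 with a random salt per user; the iteration count, function names, and sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

ITERATIONS = 200_000   # assumed work factor for this example; tune for your hardware
SALT_BYTES = 16        # a fresh random salt for every stored password


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). Only these two values are stored, never the password."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Re-hash the login attempt with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)


def build_password_table(users: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    """What an intruder would find in the table: salts and digests only."""
    return {name: hash_password(pw) for name, pw in users.items()}


if __name__ == "__main__":
    # Constructed sample accounts; both users share a password on purpose.
    table = build_password_table({"alice": "correct horse", "bob": "correct horse"})
    for name, (salt, digest) in table.items():
        print(name, salt.hex(), digest.hex())   # the two rows differ despite the same password
    print(verify_password("correct horse", *table["alice"]))
    print(verify_password("wrong guess", *table["alice"]))
```

Because each row has its own salt, two users with the same password still get different stored values, and the digest is always 32 bytes however long the password is.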

8. Identity theft

Identity theft is sometimes referred to as identity fraud. It’s the No. 1 reason why hackers seek to access confidential information and customer data, especially from an organization. An identity thief hopes to impersonate an individual by presenting the individual’s confidential records or authentication information as their own.

For example, an identity thief could steal credit card numbers, addresses, and email addresses and then use them to fraudulently transact online, file for Social Security benefits, or submit an insurance claim.

9. Intrusion detection system (IDS)

It’s relatively uncommon for a cyberattack to be completely unprecedented or unknown in its form, pattern, and logic. From viruses to brute-force attacks, there are certain indicators that point to unusual activity. In addition, once your network is up and running, all network traffic and server activity will follow a relatively predictable pattern.

An IDS seeks to keep tabs on network traffic by quickly detecting malicious, suspicious, or anomalous activity before too much damage is done. The IDS blocks malicious traffic and sends an alert to the network administrator.
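The kind of indicator described above, shown as an added example (not from the original article): a detector that raises an alert once a source address produces too many failed logins inside a short window, a common sign of a brute-force attack. The log format, addresses, threshold, and window are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a made-up log format (not from any real product).
SAMPLE_LOG = """\
2024-01-10T09:00:00 OK user=alice src=198.51.100.10
2024-01-10T09:00:02 FAILED user=root src=203.0.113.7
2024-01-10T09:00:04 FAILED user=admin src=203.0.113.7
2024-01-10T09:00:06 FAILED user=root src=203.0.113.7
2024-01-10T09:00:07 FAILED user=bob src=198.51.100.22
2024-01-10T09:00:08 FAILED user=test src=203.0.113.7
2024-01-10T09:00:10 FAILED user=oracle src=203.0.113.7
2024-01-10T09:03:00 FAILED user=bob src=198.51.100.22
garbled line
2024-01-10T09:06:00 FAILED user=bob src=198.51.100.22
""".splitlines()

THRESHOLD = 5                    # assumed: failed logins tolerated per source
WINDOW = timedelta(seconds=60)   # assumed: sliding window for counting them

def parse(line):
    """Split one line into (timestamp, result, user, source); raise on bad input."""
    ts, result, user, src = line.split()
    return datetime.fromisoformat(ts), result, user.split("=", 1)[1], src.split("=", 1)[1]

def detect_bruteforce(lines, threshold=THRESHOLD, window=WINDOW):
    """Alert once per source that reaches `threshold` failures inside `window`."""
    recent = defaultdict(deque)   # source -> timestamps of its recent failures
    alerts, alerted = [], set()
    for line in lines:
        try:
            ts, result, _user, src = parse(line)
        except (ValueError, IndexError):
            continue              # malformed lines are skipped, not fatal
        if result != "FAILED":
            continue
        failures = recent[src]
        failures.append(ts)
        while ts - failures[0] > window:   # drop failures older than the window
            failures.popleft()
        if len(failures) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"src": src, "failures": len(failures),
                           "first": failures[0], "last": ts})
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The user who mistypes a password three times over six minutes stays below the default threshold; loosening the threshold and window flags that source too, which is the false-positive trade-off an administrator tunes.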

10. IP spoofing

IP address forgery or spoofing is an address-hijacking mechanism in which a third party pretends to be a trusted IP address in order to mimic a legitimate user’s identity, hijack an Internet browser, or otherwise gain access to a restricted network. It isn’t illegal for one to spoof an IP address. Some people do so in order to conceal their online activity and maintain anonymity (using tools such as Tor).

But IP spoofing is more often associated with illegal or malicious activity. So organizations should exercise caution and take appropriate precautions whenever they detect that a third party wants to connect to their network using a spoofed address.

11. Keylogger

Keylogger is short for keystroke logger. It’s a program that maintains a record of the keystrokes on your keyboard. The keylogger saves the log in a file, then encrypts and distributes it. While a keylogging algorithm can be used for good (some text-to-voice apps, for example, use a keylogging mechanism to capture and translate user activity), keyloggers are often a form of malware.

A keylogger in the hands of nefarious persons is a destructive tool and is perhaps the most powerful weapon of infiltration a hacker can have. Remember, the keylogger will capture all key information such as user names, passwords, PINs, pattern locks, and financial information. With this data, the hacker can easily access your systems without breaking a sweat.

12. Malware

Malware is one of the cybersecurity terms you will hear the most often. It’s a catch-all word that describes all malicious programs including viruses, Trojans, spyware, adware, ransomware, and keyloggers. It’s any program that takes over some or all of the computing functions of a target computer for ill intent. Some malware is little more than a nuisance, but in many cases malware is part of a wider hacking and data extraction scheme.

13. Password sniffing

Password sniffing is the process of intercepting and reading through the transmission of a data packet that includes one or more passwords. Given the volume of network traffic relayed per second, password sniffing is most effectively done by an application referred to as a password sniffer. The sniffer captures and stores the password string for malicious and illegal purposes.

14. Pharming

Pharming is the malicious redirection of a user to a fraudulent site that has colors, design, and features that look very similar to the original legitimate website. A user will unsuspectingly key their data into the fake website’s input forms only to realize days, weeks, or months later that the site they gave their information to was harvesting their data to commit fraud.

15. Phishing

Phishing is a form of social engineering and the most common type of cyberattack. Every day, more than 100 billion phishing emails are sent out globally. Phishing emails purport to originate from a credible, recognizable sender such as eBay, Amazon, or a financial institution. The email will trick the recipient into sharing their username and password on what they believe is a legitimate website but is in reality a website maintained by cyberattackers.

Knowing these cybersecurity terms is a first step in preventing cyberattacks

While technical controls are crucial, employees are the weakest link in your security architecture. Nothing makes employees better prepared for a cyberattack than security training and awareness. For most organizations, the IT department represents only a fraction of the entire workforce.

Tech staff therefore cannot be everywhere to explain cybersecurity terms and help each employee make security-conscious decisions, so making sure your non-techie staff is familiar with these cybersecurity terms is fundamental.

Microsoft has unveiled a raft of new capabilities for its Teams collaboration tool, including customized backgrounds for video calls, live text captions and integration with its Whiteboard “digital canvas” tool. 

Those are just three of the features announced as part of a major update to the application at the Enterprise Connect event in Orlando, Fla. on Tuesday, alongside added security and compliance features. 

Half a million organizations deploy Teams

Microsoft also offered an update on user adoption, saying there are now 500,000 organizations using Teams. That’s up from 329,000 last September, and 200,000 a year ago, and highlights growth in a crowded market that includes Slack, Google Hangouts and others.

Unlike some competitors like Slack, which has 10 million daily active users, Microsoft doesn’t break out individual user statistics.

There are more large-scale deployments, too, said Lori Wright, general manager of Microsoft 365. That list includes more than 150 companies with at least 10,000 monthly active users, up from 54 companies last fall. (Last month, Facebook said its Workplace also has 150 customers with more than 10,000 users, while Slack has 150 organizations paying for Enterprise Grid, which is aimed at larger deployments.)

“It is our two-year anniversary and the macro trends that have been going on for quite some time continue to drive the growth and momentum of Teams,” said Wright. “This includes things like more remote workers than ever before, the move from being tethered to your desktop to having mobile devices, [and] being able to break down corporate hierarchies and create more inclusive cultures where people can find the information they need.”

Teams is available as part of subscriptions to Microsoft’s Office 365 suite, which has more than 155 million individual users. Microsoft also offers a free version of Teams.

Since its launch, Teams has been positioned as a core communication and collaboration tool within Office 365, effectively replacing Skype for Business. Among those making the transition are Microsoft’s own staffers: the company said today that 180,000 of its employees have switched from Skype for Business, with Teams used for all communications.

“Microsoft is killing it with Teams, a lot quicker than I thought they would be at this point,” said Patrick Moorhead, founder and president of Moor Insights & Strategy. “The company has come a long way when you realize how many years it was behind in cloud tools and I’d say it is leading right now – even bringing out features startups have begun to offer.”

Angela Ashenden, principal analyst at CCS Insight, agreed that the latest adoption data highlights Microsoft’s success in “maintaining incredible growth rates with Teams.”

However, she added that the monthly active user figures provided by Microsoft don’t necessarily show that Teams is being relied on for team collaboration yet. (Daily or weekly active use would be a better indicator, she said.)

“We’re clearly seeing more experimentation with the platform among a broader proportion of workforces, but it’s likely that this adoption is more through use of the Skype For Business meeting capabilities within Teams than use of the core messaging platform,” said Ashenden.

New meeting features

Among the new functions aimed at improving the Teams meeting experience are customized backgrounds, which build on the previously blurred background feature, allowing users to choose the backdrop visible to others during a video call. The aim is to reduce distractions, Microsoft said, and encourage more Teams users to take part in video meetings.

With Intelligent Capture in Microsoft Teams Rooms, Microsoft also wants to make it easier for remote participants to see drawings on analog whiteboards during meetings. Intelligent Capture processing can resize, focus and enhance whiteboard images and text, overlaying the information onto a video stream in real time.

Moorhead said that the digital whiteboard feature is the most significant feature announced at Enterprise Connect. “It takes a very analog work tool every information worker is familiar with and digitizes it,” he said. “I was very interested that with the extra camera feature you could literally look through the person drawing and annotating.”

“Data shows that the vast majority of meetings have at least one remote attendee,” said Wright. “A remote attendee is at a disadvantage anytime someone gets up to write on the whiteboard because they can’t really see the content, they are trying to make it out, they are trying to look through a human body and understand what is happening. We have solved this now.”

Customized backgrounds and Intelligent Capture features are slated to roll out later this year. 

There is also support for Microsoft’s digital canvas app, Whiteboard – which lets users collaborate on creative work and share ideas within Microsoft Teams Rooms. (That’s the multivendor conference room control system rebranded from Skype Room Systems earlier this year.) That allows content to be moved from a physical to a digital whiteboard without having to replicate the information from scratch. The feature is now in public preview. 

“With the new content camera and the Microsoft Whiteboard app, we see Teams starting to embrace collaboration that spans both physical and online situations, with the forthcoming Surface Hub 2 also playing an important role,” said Ashenden.  

Live captions automatically creates a real-time text transcript during a meeting, which is useful for meeting participants who are deaf or hard of hearing, those who struggle with a particular language, or for those connecting from a noisy location. 

“The live captions capabilities are also particularly interesting as these could help where it’s hard to hear the audio due to background noise or connectivity challenges,” said Ashenden, “but it will also be valuable where meeting participants or audiences are not native speakers.

“Over time, you can see this becoming the platform for real-time translation during meetings and events as well.”

Security and compliance upgrades

Microsoft also announced features aimed at Teams admins. 

Private channels is “one of the most requested features” in Teams, said Wright, and allows a certain channel within a team to be locked down for private conversations. The functionality will be available later this year, Microsoft said.

The company also touted information barriers designed to help avoid conflicts of interest within an organization by limiting which individuals can communicate with each other. That should be useful for meeting compliance demands. 

“Think about a financial institution where you have buy-side and sell-side investors; you have to be able to create a strong ethical wall or information barriers so that information can’t cross between those two groups,” said Wright, adding that that feature is “coming soon.”

Finally, new data loss prevention (DLP) capabilities detect sensitive information in Teams conversations to prevent such data from being leaked or shared without authorization. This is generally available now.

Ashenden said the security and governance features will be critical for many highly regulated companies that “see Teams as a way to provide a more secure and compliant alternative” to consumer tools within their organization. 

“Security and trust are key focal points for differentiation for Microsoft, and data loss prevention and information barriers provide more controls and reassurance for IT organizations,” she said.

This story, “As Teams turns two, Microsoft adds compliance and meeting features” was originally published by Computerworld.