Implement our comprehensive Actions Checklist to protect & defend your business from a cyber breach.
|Electronic & Paper Data Security||
|Password Best Practices||
For assistance in crafting your cyber plan, visit https://www.fcc.gov/cyberplanner
Cyber Security Glossary:
Anti-Virus Software– Software designed to detect and potentially eliminate viruses before they have had a chance to wreak havoc within the system. Anti-virus software can also repair or quarantine files that have already been infected by virus activity.
Authentication– Confirming the correctness of the claimed identity of an individual user, machine, software component or any other entity.
Backup– File copies that are saved as protection against loss, damage or unavailability of the primary data. Saving methods include high-capacity tape, separate disk sub-systems or on the Internet. Off-site backup storage is ideal, sufficiently far away to reduce the risk of environmental damage such as flood, which might destroy both the primary and the backup if kept nearby.
Dictionary Attack– A password-cracking attack that tries all of the phrases or words in a dictionary.
Domain Hijacking– An attack in which an attacker takes over a domain by first blocking access to the domain’s DNS server and then putting his own server up in its place.
Encryption– A data security technique used to protect information from unauthorized inspection or alteration. Information is encoded so that it appears as a meaningless string of letters and symbols during delivery or transmission. Upon receipt, the information is decoded using an encryption key.
Firewall– A hardware or software link in a network that inspects all data packets coming and going from a computer, permitting only those that are authorized to reach the other side.
Keystroke Logger– A specific type of electronic infection that records victims’ keystrokes and sends them to an attacker. This can be done with either hardware or software.
Malware– A generic term for a number of different types of malicious code.
Man-In-the-Middle Attack– Posing as an online bank or merchant, a cyber-criminal allows a victim to sign in over a Secure Sockets Layer (SSL) connection. The attacker then logs onto the real server using the client’s information and steals credit card numbers.
Phishing– Soliciting private information from customers or members of a business, bank or other organization in an attempt to fool them into divulging confidential personal and financial information. People are lured into sharing user names, passwords, account information or credit card numbers, usually by an official-looking message in an email or a pop-up advertisement that urges them to act immediately, usually by clicking on a link provided.
Pharming– Redirecting visitors from a real website to a bogus one. A user enters what is believed to be a valid Web address and is unknowingly redirected to an illegitimate site that steals the user’s personal information. On the spoofed site, criminals may mimic real transactions and harvest private information unknowingly shared by users. With this, the attacker can then access the real website and conduct transactions using the credentials of a valid user.
Skimming– A high-tech method by which thieves capture your personal or account information from your credit card, driver’s license or even passport using an electronic device called a “skimmer.” Such devices can be purchased online for under $50. Your card is swiped through the skimmer and the information contained in the magnetic strip on the card is then read into and stored on the device or an attached computer. Skimming is predominantly a tactic used to perpetuate credit card fraud, but is also gaining in popularity amongst identity thieves.
Social Engineering– A euphemism for non-technical or low-technology means—such as lies, impersonation, tricks, bribes, blackmail and threats—used to attack information systems. Sometimes telemarketers or unethical employees employ such tactics.
Spoofing– Masquerading so that a trusted IP address is used instead of the true IP address. A technique used by hackers as a means of gaining access to a computer system.
Spyware– Software that uses your Internet connection to send personally identifiable information about you to a collecting device on the Internet. It is often packaged with software that you download voluntarily, so that even if you remove the downloaded program later, the spyware may remain.
Vishing– Soliciting private information from customers or members of a business, bank or other organization in an attempt to fool them into divulging confidential personal and financial information. People are lured into sharing user names, passwords, account information or credit card numbers, usually by an official-looking message in an email or a pop-up advertisement that urges them to act immediately—but in a vishing scam, they are urged to call the phone number provided rather than clicking on a link.
Worm– Originally an acronym for “Write once, read many times,” a type of electronic infection that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively. Once this malicious software is on a computer, it scans the network for another machine with a specific security vulnerability. When it finds one, it exploits the weakness to copy itself to the new machine, and then the worm starts replicating from there, as well.
Source: National Institute of Standards and Technology: