Cyber-security is a big issue for many companies. The feeling that you may not be protected can be a scary one, and it’s something that many enterprises grapple with. They want to stay safe, informed, and ahead of the curve. However, the more one looks into these things, the harder they
can be to understand. This is why we are going to take some time today to go over some of the terminology and buzzwords that one might encounter, what they mean, and why they are important to your journey into a secure network.
Zero Trust- Zero Trust is a way to operate a network, with the assumption that no trust can be given. This is not to say not to trust your employees, but that when it comes to who gets into your network, do not trust that the person is who they say they are without proof. This goes beyond passwords, but encapsulates things such as multi-factor authentication (see next section) and other verification methods to ensure that the person trying to get in is in fact the person that should be there.
Multi-Factor Authentication (MFA)- MFA is a system in which a secondary or tertiary method is required before someone can access the network. This verification can be in the form of entering a code from an email or text, using a push method, or answering a verification phone call in order
to access after putting in ones password.
Endpoint- An endpoint is a remote device that is connected to your network. These range from smart phones, to laptops to tablets. It also
includes your servers and even the smart refrigerator you bought for the break room. These endpoints all access your network, which is why endpoint security is important.
Social Engineering- Social engineering is a form of treachery in which a person is convinced to act against their best interests. This includes phishing emails, usb ports full of viruses left around, and many other means. The key is the human element involved. This is why social engineering attacks are the most dangerous, the criminals use your team against you.
Ransomware- Ransomware is a malicious attack that takes your network and data hostage. The goal is to get the person or enterprise to pay a
ransom, usually Bitcoin, to the attackers in order to get their data back. This past year, major ransomware attacks were carried out against infrastructure and business, with no signs of slowing down.
Malware- Malicious software. The intent of malware is to steal data, be it financial information, login credentials, and other information that can either be sold or used to access your network. These attacks come in many forms. They include spyware, viruses, Trojans, spyware and ransomware.
Patch- A patch is an update put out by a software company to close holes in the software that may allow for intrusions.
Dark Web- The dark web is the third area of the internet, which requires a hidden browser and a VPN to access. The dark web serves as a marketplace for hackers to sell data, plan and carry out attacks, as well as being the home of many illicit businesses. Oftentimes bank account details,
credit card information and login credentials are sold for pennies on the dollar.
Breach- A breach is when a network has been compromised. Usually this is in reference to when secure sections of a network are accessed
and data has been leaked to the dark web.
Compliance- Compliance refers to the laws and procedures that must be followed to stay within the confines of the law. An example of
this would be the HIPAA act, where medical practitioners are required to follow certain protocols in order to keep people’s medical information confidential. Not maintaining proper compliance can lead to steep fines and lost of consumer trust.
Risk Management- A form of proactive management in which an expert, such as Delval Technology Solutions analyzes your current technology.
This allows them to spot any risks that may be currently occurring, as well as to help identify future risks so that they can be avoided.
Phishing- A phishing attack is when a person or group of people are breached via misleading communications. This can come in the form of an
email, usually with an extreme sense of urgency that appears to be from a trusted source, a similar text message or a phone call. These texts and emails
usually have an attachment or a forum that appears to be from a trusted individual but in fact is from a malicious actor. The calls are usually telling you that there is an extreme emergency and you need to give your information immediately.
Firewall- A network security system that controls who enters and exits the network based on preset conditions.
When you speak to a managed service provider or network service provider, keep these phrases in mind. For your cyber-security needs, having an MSP that covers all of these bases is crucial. Cyber-security is a living breathing thing, the old ways of spam blockers and firewalls don’t hold water anymore. You need comprehensive security to keep your business safe.