Businesses face various security threats, including ransomware, phishing attacks, computer viruses, and more. With these security threats increasing, managed security services are no longer a luxury—they’re a necessity.
Before business owners and executives can fully understand the advantages of managed security, they need to understand some basic IT security terms. Here’s our glossary of basic cybersecurity terms executives should know:
Business Cybersecurity Basics
- Cybersecurity – the protection of computers, networks, and infrastructures from digital threats and risks.
- BYOD – “Bring Your Own Device,” a business policy that allows or requires employees to use their own devices instead of company-provided ones, that can impact cybersecurity.
- Infrastructure – the physical and organizational assets and framework comprising an entity. In IT, infrastructure includes hardware and equipment like monitors and servers; software; and organizational processes.
- Network – a group of computers that are digitally connected to enable communication, file sharing, and other data transmissions. Types of networks can include Local Area Networks (LAN), Wide Area Networks (WAN), and many others.
- Managed IT Services – IT services that provide continual support, generally on a monthly payment plan, to proactively manage IT reliability, infrastructure, and security.
- Managed Service Provider (MSP) – an IT provider that offers managed services.
Risks, Threats, & Vulnerabilities
- Threat – an individual or event that has the potential to negatively affect your systems.
- Vulnerability – a weakness in your security that can be exploited or penetrated.
- Risk – the probability that your IT will be compromised due to threats, vulnerabilities, etc.
- Cyber Attack – a deliberate attempt by an individual or group to breach an organization’s network or infrastructure to steal or erase data, cause disruptions, or otherwise cause harm.
- Data Breach – when an unauthorized user gains access to restricted data. Data breaches are often caused by cyber attacks, but they may also be caused by vulnerabilities in systems or software which can then be exploited.
Types of Cyber Attacks
- Malware – any malicious software that is harmful to a network, system, or user.
- Ransomware – a type of malware that blocks access to a system or data until a ransom is paid.
- Phishing – a type of cyber attack, often in the form of an email, that attempts to manipulate a recipient into giving up personal or financial information.
- Spear Phishing – a targeted phishing attack where the attacker uses specific information about the victim, such as place of work, interests, or organizations they do business with, to manipulate the victim into giving up information.
- Virus – a malicious computer program that replicates itself to “infect” other programs after it is triggered by a bad actor.
- Worm – a piece of malware that self-replicates to infect other programs automatically once it gains access to a computer.
- Botnet – a network of computers that have been infected with malware and is controlled by a bad actor. A botnet can be used to send a large amount of traffic in a DDoS attack.
- DDoS Attack- a “Distributed Denial of Service” attack uses a botnet to bombard a website with a huge number of requests in order to to slow or crash the website.
- Trojan Horse – malware that exploits a “back door” to gain remote access to a computer.
- Spyware – malware that operates in the background to collect information such as keystrokes, login credentials, and other data, undetected by the user.
Security Tools, Services & Defenses
- VPN – a Virtual Private Network (VPN) creates a private network on a public internet connection by encrypting your data.
- Firewall – a network security tool that monitors traffic and prevents unauthorized access based on a set of instructions.
- Multi-Factor Authentication (MFA) – a password protection tool that requires two or more forms of authentication before allowing a user to log in.
- Cloud Computing – an umbrella term pertaining to services, products, and platforms hosted on a secure remote server.
- Security Framework – a set of standards that serves as a structure or guide for security, such as NIST.
- Threat Detection & Response – the process of monitoring systems to detect and respond to threats.
- Pen Testing – penetration testing evaluates an organization’s vulnerabilities, generally by attempting to “hack” their network to explore what weaknesses cyber criminals might be able to exploit.
- Endpoint Protection – security designed to protect endpoints in a network—devices such as computers and mobile devices where users can access the network. This becomes especially important in a remote network, where endpoints may be spread out rather than located in the same physical location.
- DNS Protection – Domain Name System protection can blacklist potentially dangerous websites, advertisements, and malware to prevent you from being exposed to risks.
- Managed Protection & Response – a managed security service that proactively searches for vulnerabilities, potential breaches, and suspicious activity and works to remediate them.
- SIEM – Security Information and Event Management combines security information management and security event management by analyzing security threats in real time.
Digitally Protecting Your Business
ISG Technology is proud to help businesses with their IT support needs by providing 24/7 network monitoring, real-time alerts and notifications, infrastructure maintenance, and more. We make security simple through our Managed Security offering, which mitigates business security risks by utilizing the most advanced cybersecurity tools and practices to protect your company.
Contact us today to protect your business from cyber threats and gain complete confidence in your security.