Every business leader should be knowledgeable about cybersecurity; in particular, they should be aware of persistent and new threats that can affect business continuity, as well as strategies that can mitigate these risks. However, keeping on top of these threats can be difficult if they’re explained using cybersecurity jargon.
To know if you have a good grasp of cybersecurity lingo, take this quiz. Each question tackles a specific cybersecurity concern or solution that you should know about to give you a better understanding of how best to protect your business.
1. What do you call a cybersecurity event in which sensitive or protected information is accessed and/or disclosed without authorization? This can happen when hackers gain access to databases or systems, or when employees accidentally or maliciously share data with unauthorized individuals.
- A. Security incident
- B. Data breach
- C. Social engineering scam
Answer: B. Data breach
While a security incident is an umbrella term that covers any occurrence that can jeopardize the confidentiality, integrity, or availability of your data or systems, a data breach specifically refers to unauthorized data access. One way a data breach can occur is through a social engineering scam, a scheme in which a cybercriminal tricks someone into revealing sensitive information by pretending to be a trusted person or an authority figure.
2. Which of the following is a type of social engineering scam wherein cybercriminals pretend to be a high-level executive or a trusted vendor in order to trick someone into wiring them money? This cyberattack is often perpetrated against businesses that regularly transfer huge sums of money.
- A. Watering hole phishing
- B. Clone phishing
- C. Business email compromise
Answer: C. Business email compromise
All the choices above are kinds of phishing scams or attacks where cybercriminals send fraudulent emails that appear legitimate and credible, with the intention of stealing sensitive information. Phishing scams come in many forms, so make sure you implement solutions and train your employees on how to spot and defend against them.
In a watering hole phishing attack, for instance, hackers compromise the websites their targets visit most often and use those sites to get victims to click on a malicious link. In a clone phishing scam, cybercriminals make a seemingly identical copy of a message that the intended victim has already received, except that the near-perfect copy swaps in a malicious link. And in a business email compromise, hackers try to get people to wire them money by pretending to be a higher-up or a trusted vendor.
3. Which definition best describes a virus?
- A. Malware that makes copies of itself and spreads to other computers
- B. Malware disguised as a legitimate program or file in order to trick users into installing it
- C. Malware designed to collect information about users without their knowledge or consent, such as their internet habits and keystrokes
Answer: A. Malware that makes copies of itself and spreads to other computers
Malware is any type of software created to damage or disable computers and computer systems. There are many kinds of malware, and viruses are just one of them. Among the choices above, choice B actually describes Trojans, while choice C describes spyware.
4. What does a virtual private network (VPN) do?
- A. It monitors and controls incoming and outgoing traffic based on predetermined security rules.
- B. It requires two pieces of evidence to verify user identity.
- C. It allows authorized remote users to securely access an internal network as if they were physically connected to it.
Answer: C. It allows authorized remote users to securely access an internal network as if they were physically connected to it.
A VPN creates an encrypted connection so that data exchanged between two devices is protected from eavesdropping and theft while in transit. This helps businesses keep sensitive information out of the hands of unauthorized individuals. Additionally, a VPN can be used to bypass geographic restrictions and access content that may be blocked in certain countries.
5. If you want to create a “comprehensive security IT policy,” which of the following elements should you include? Choose all answers that apply.
- A. A user identity verification process
- B. A solid backup strategy that includes on-site and off-site backups
- C. A security awareness training program for everyone in the organization
Answer: A, B, and C
A comprehensive security IT policy is a written document that spells out in detail what your company must do to address security threats. This policy covers a broad range of solutions and processes, including those listed above.
For instance, a secure user verification process has to be included in the policy because it helps ensure that only authorized users have access to sensitive data and systems. Such a process should normally require multifactor authentication, which adds another layer of verification on top of passwords to confirm user identity.
Backups are also a critical component of an IT policy because they provide a copy of data that can be used to restore operations in the event of an attack. Lastly, cybersecurity awareness training is a must, as it helps employees learn how to spot red flags, identify phishing emails, and understand what steps they need to take to keep company data safe.
How did you do?
4–5 correct answers: Congratulations! You sure know your cybersecurity lingo.
2–3 correct answers: There’s more to learn, but you did well.
1 or no correct answer: You need to work on your cybersecurity lingo skills.
If you want to improve your cybersecurity posture but don’t know where to start, call Online Computers. As a leading provider of cybersecurity solutions and services in New Jersey, we can help you assess your current infrastructure, identify gaps, and recommend solutions to close those gaps. Drop us a line today.