5 Cyber Jargon Terms And What They Really Mean
Cyber security is full of mystifying jargon that makes no sense to people who don’t work in the industry. From keylogging to APTs, it’s almost as if cyber professionals deliberately clutter the industry with terms to confuse everyone else.
That’s where we come in. We try and “demystify cyber” so that the layman can better understand what real threats are and where they come from.
In this article we’ve picked out five common terms which are relevant to you, the Chairman, official, or administrator of a sport/leisure club.
DATA EXFILTRATION
Sounds painful and in some cases it can be. Data Exfiltration refers to the unauthorised removal of data from an organisation. It’s more commonly referred to in the press and media as a “Data Hack” or “Data Leak”.
Some of the largest companies in the world have been victims of this type of cyber crime. The loss of people’s personal data stored on computers or IT infrastructure is a major issue for all organisations. Cyber criminals are always on the lookout for ways to gain people’s information, email addresses, passwords etc, which they can sell on at a profit. In fact, it happened to World Rugby in a big way back in 2018 – read about that here.
Protecting yourself against this type of event is important, as is knowing if and when a data exfiltration event has occurred. This is particularly relevant after the implementation of the General Data Protection Regulation (GDPR), which requires you to notify the Information Commissioner’s Office (ICO) within 72 hours of a “Data Leak” occurring. Failure to do so can incur fines of up to 4% of turnover or £17m, whichever is higher.
The good news is that good commercial grade firewalls help enormously, as do the latest tools which monitor the web for any data relating to your organisation which may have been exfiltrated or “leaked”.
But if the worst does happen, a market-leading cyber insurance policy with a full incident response capability can be of enormous benefit. Only high-quality policies come with access to a 24/7 incident response team who can help manage any post Data Leak process. This will include working out what happened, contacting anyone affected and dealing with the ICO if necessary. At DeCyber we offer cyber insurance underwritten by Lloyd’s of London, and it comes with free 24/7 incident response.
MALWARE
Short for ‘malicious software’. Makes sense once you know that, doesn’t it?
Malware is a catch-all term for any software created to do your device harm. It includes viruses, worms, Trojans and everything in between (more on those terms in a future article). Basically, it’s anything foreign to your computer that shouldn’t be there, and which will harm it or any IT systems it is connected to.
These days, people often use the terms virus and malware interchangeably. So if you have good, commercial-grade anti-virus in place, it likely protects from the other common forms of malware too.
RANSOMWARE
A form of malware, and one that’s sadly becoming increasingly common.
Ransomware is downloaded on to your device (often by convincing you to click a link using phishing/spoofing as explained below). It will then deny you access to files or programs until you pay a ransom; the criminals say that, upon receipt of the ransom, you’ll be given a password to unlock everything. This was the sort of attack the NHS suffered back in 2017.
There are some ransomware analysts that can decode the password for you or decrypt your data, but this can be a costly and difficult process.
For that reason, it’s best practice to get proper cyber training to stop you falling for phishing/spoofing. Good practices include investing in good anti-virus software that can detect ransomware before it installs, backing-up your data regularly and ensuring you have high quality cyber insurance (which can give you access to experts who can help recover your data). At DeCyber we offer top class anti-virus from Avast and Wardwiz, as well as training from CybSafe and cyber insurance underwritten by Lloyd’s of London.
SPOOFING
Spoofing is when cyber criminals copy the identity of an organisation by setting up fake email accounts and/or websites that look legitimate. They often “spoof” an organisation as the first stage of a well-orchestrated phishing campaign. An example is where a bogus site is set up purporting to represent your sports club or event in order to get your members’ details or credit card details.
Cyber criminals look to target organisations with weak cyber security for this type of scam. You may have already seen organisations you deal with send you notifications that emails you may have received recently have not come from them. In this case they have usually been “spoofed” or had their details copied for use in cybercrime. Spoofing is often used in conjunction with phishing…
PHISHING
Phishing is the technique cyber criminals use to deceive the target into doing something silly like sharing sensitive information or even giving them money. Getting you ‘hook, line and sinker’.
Phishing can be very easy to spot. It is highly likely you have already been exposed to a low-level phishing scam – the ‘Nigerian prince’ scam being an old favourite.
However, it’s harder to know whether something is wrong when you receive an email from an institution that looks, for all intents and purposes, totally legitimate. The ‘from’ field of an email you receive can be forged to make it look like it has come from someone you know or an institution you trust.
This can often look like it has come from a major bank or even a local supplier. It might simply ask you to follow a link and log in and enter your password, download a file or invoice, or worse send money to a bank account. These might be all normal things or ways you interact with that organisation. For example, this could be an email purporting to be from the Club Chairman asking the club secretary to transfer funds.
Luckily there is software which can help identify if your club is vulnerable, and also if anybody is in the process of stealing your organisation’s identity.
The latest cyber training can also help you and officials in your club avoid making the mistake of falling for it by recognising the potential areas of risk.
DeCyber offers solutions that include market-leading protection from these kinds of scams. Our packages include OwlDetect, which monitors the web for signs your data has been hacked or stolen. They also include KYND, which can detect the level of risk to your domain at any given time and warn you of incoming threats. We also offer state-of-the-art training courses from CybSafe.
HOW TO PROTECT YOUR CLUB
These are just a few of the common terms that we thought would be helpful for you. We will write further articles in the future taking a deeper dive into the world of cyber security to equip you against all jargon and industry gobbledygook.
If you’d like to find out how vulnerable your club is, and find out the best ways to protect it, just take our Cyber Health Check. It’s free, takes less than 15 minutes, and will give you the answers you need.