Please note that this article is intended for educational purposes only and should not be deemed to be or used as legal advice. For guidance specific to your business, consult with a qualified professional.
Cybersecurity threats are an ever-present risk of doing business online, and they’re getting more frequent during COVID-19.
In March 2020, scams increased over 400 per cent from the previous month, and Google blocked over 18 million daily malware and phishing emails in April 2020. But to protect your business, you need to know what each of these cybersecurity terms mean.
Our cybersecurity glossary tells you what you need to know and how it applies to your business. Unlike a traditional glossary, we listed the terms in the easiest order to understand, instead of alphabetically, to help you build your cybersecurity knowledge as you read.
And for more information around financial or business terms, check out our Square Business Glossary.
Small business cybersecurity terms
Your business most likely uses a network, which is a group of computers virtually connected, to share files, data, and applications. Cybersecurity focusses on protecting your company network and data.
Each time a person or application accesses your network without permission, it’s referred to as a breach. If they also steal data while on your system, cybersecurity experts call it a data breach. A UK government cybersecurity breaches survey reports 46 percent of businesses and 26 percent of charities experienced cybersecurity breaches between April 2019 and March 2020.
When someone hacks your network or a device, they are essentially breaking into your system. They take action that allows them into something they don’t have permission to access. Hackers usually have malicious intent, like stealing data, manipulating data, or releasing malware.
Every device connected to your networks—like laptops, printers, mobile devices, and point-of-sale (POS) hardware—is an endpoint that allows access to your network. Because cybercriminals and viruses use endpoints to gain unauthorised access, protecting each endpoint with unique passwords and antivirus software is an important part of securing your business.
This refers to the weaknesses of your connected devices, network, and security systems, and the software that runs on them. These holes in your defence allow intruders to access your network, applications, or systems. As a business owner, you want to proactively identify any vulnerabilities and take action to protect your server to improve your account security.
Common mistakes include:
- Devices (such as laptops) without antivirus software
- Software not updated with the latest version
- Missed firewall security updates
When talking about online purchases, fraud is one of the basic cybersecurity terms that usually refers to someone trying to get goods or services without paying or trying to get money from you that you don’t owe. A fraudster can use a stolen credit card or try to get a refund for a product they didn’t purchase from you. Protect your income with Square’s secure payments.
Phishing is typically an email, often pretending to be from a real company or a person you might know, containing a file or link. When you click on the link or open the file, it launches a malware program that then infects the device and any connected networks.
Hackers often try to scam employees by sending convincing messages designed to trick them into opening an attachment or clicking a link to a malicious website. By training employees to spot phishing emails and not click on links or open files sent by unknown sources, you can reduce your risk of phishing attacks.
Use this cybersecurity small business guide that includes cybersecurity terms and tips on how to avoid phishing attacks and other threats to the security of your business.
Any type of software designed to cause damage is malware. It can make your data unusable, erase files on your hard drive, and steal your passwords through saving your keystrokes. Types of malware include ransomware, viruses, worms, and spyware (their cybersecurity definitions follow below).
A type of malware often launched through a phishing email is called ransomware. This attack locks data from you, holding it hostage until you pay a set amount of money (usually in bitcoins). However, cybercriminals don’t always provide the key to unlock the data, even when you pay the ransom. The 2020 Hiscox Cyber Readiness Report notes that one out of six companies that had cyber threats were held to ransom.
By backing up your data to the cloud (or other off-site location), you can revert to your backup if your system is ever attacked by ransomware.
Similar to sickness in humans, a computer virus spreads and infects between computers. The virus, one of the basic cybersecurity terms you’ve probably heard of before, attacks a specific type of technology, such as emails, files, and applications. For example, if someone opens a file with a virus, then the virus may infect all of the files on their hard drive. Each virus acts differently than other viruses, making them hard to protect against.
Worms are a type of malware. Unlike viruses, worms replicate, which means they make a copy of the worm. The worm then spreads to another computer, usually connected to the same network.
Many social media platforms and websites gather information about visitors, usually to improve advertising. However, it can turn into spyware if the program collects data, such as passwords, financial accounts, and other sensitive information, for malicious purposes.
Distributed denial of service (DDoS) attack
A DDoS attack happens when cybercriminals make a computer, application, or network unavailable. Hackers accomplish their goal by sending an unusually large number of visits to a page, which overwhelms the server and crashes the website. Because actual customers can’t access the page during the attack, the business loses sales during this time.
Encryption scrambles your data, making it unreadable to anyone without the key. When credit card information travels from a mobile POS terminal to a bank, the data is scrambled while en route to the location. The receiver will have the key to unscramble the data and access the information.
Encryption makes it harder for criminals to steal data, especially if you use end-to-end encryption, meaning only the sender and receiver can have the key.
Authentication is the act of proving one’s identity through an activity like entering a password or providing a fingerprint scan.
Authentication proves that the person trying to access the device, application, or server is authorised to do so and is who they claim to be. A related cybersecurity term, two-factor authentication, requires two different modes of authentication, like a security question and a password, or a code sent to a mobile device.
A backup is a duplicate of your digital information. Creating a copy of your data, files, and applications on a different storage device, such as a third-party cloud service or an external drive, can help you recover that information after a security incident.
After experiencing a cybersecurity incident, business owners should get the most recent unaffected version of their data, files, and applications. Small businesses should have a written recovery process so that any employee can quickly access the backup.
This process helps prevent breaches by replacing the data with an algorithmically generated number, called a token, that doesn’t have value if a breach occurs. Data goes into a vault similar to a locked suitcase, where the key travels on board the plane with the suitcase owner.
Because the token travels separately from the key needed to read the data, tokenisation provides a higher level of security than encryption.
Virtual Private Network (VPN)
A VPN is a private connection created for a specific user that securely sends data over public internet. VPNs only make sense for businesses if they need remote access to their company servers and don’t have another way to make that connection. Many VPNs use end-to-end encryption and additional security.
Personally Identifiable Information (PII)
Any data that either on its own or combined with other data identifies a specific person is a cybersecurity term called PII. A business must follow specific privacy regulations to protect its PII, which includes:
- National Insurance numbers
- Taxpayer identification numbers
- Home and business addresses
- Phone numbers
- Credit card numbers
- Dates of birth
- Copies of government-issued IDs
Generally, you shouldn’t send PII over email. If you have to, make sure you use secure file transfer options.
GDPR (General Data Protection Regulation)
The European Union enacted this data protection law in 2018, and any company that does business with a customer located in Europe must follow its strict guidelines, regardless of the business’s location.
A security device that can be composed of hardware, software, or both, a firewall is the first line of defence for a computer or network to protect its data and applications from attacks and breaches. Firewalls also track what data goes in and out of the network and block unauthorised connections. Businesses of all sizes should use a firewall as the first line of defence.
Anti-malware software is another cybersecurity term for antivirus software. This type of software scans files for known viruses and blocks potential threats to the device it is installed on. You should regularly update the software so it protects against recently created viruses. Periodically, you should also perform a full scan of each device on your network by following instructions for your specific antivirus software.
The cybersecurity definition of password hygiene is essentially proper password practises that keep your devices, applications, and networks safe from cyberattacks and viruses.
Encourage employees to use a password manager, so they can easily use unique and long passwords for each account or system.
PCI (Payment Card Industry) compliance
The PCI Security Standards Council sets requirements that organisations and sellers must follow for safely and securely accepting, storing, processing, and transiting cardholder data while processing credit cards. Lack of PCI compliance can result in fines and the risk of losing your merchant account, not to mention the risk of data breaches, loss of revenue, and a damaged reputation. Square’s layered security makes sure that your business is compliant with PCI requirements, handling audits and assessors so you don’t have to.
Cybersecurity strategy plan
Regardless of the size of your business, you need a plan that details how you’re protecting your business’s network and data. The strategy should be regularly updated and include firewalls, antivirus software, passwords, encryption, authentication, and employee training on phishing. Keep up to date on the National Cyber Security Centre’s weekly threat reports that detail current software breaches and other threats small-business owners should know about.
Incident response plan
The last term in our cybrsecurity glossary is incident response pelan. When a security issue happens, this strategy details exactly what to do to immediately secure the network and data, who to contact, and how to recover the data. Provide copies to all appropriate employees.