SME Business Cyber Security Definitions Handbook
This is an abridged version of the handbook, which is due for release in late January 2023.
ACSC Australian Cyber Security Centre
Australia’s leading government body for improving cyber security in Australia. Its role is to help make Australia the most secure place to connect online. This role includes monitoring cyber threats 24 hours a day, seven days a week, so that it can alert Australians and Australian businesses on what to do, including providing information and advice on how to protect yourself and your business online. www.cyber.gov.au
A software program designed to prevent your computer, tablet, smartphone, or server from becoming infected by a computer virus.
An application is a type of software that allows you to perform specific tasks. Applications for desktop or laptop computers are sometimes called desktop applications, while those for mobile devices are called mobile apps. When you open an application, it runs inside the operating system until you close it. Examples: 365, Xero, Mailchimp, CRM systems, etc.
A file sent with an email message, which is to be opened by the recipient.
An application (app) used to confirm the identity of a computer user to allow access through multi-factor authentication. It provides a second level of security.
Backup is the process of making copies of data or data files to devices or to the cloud enabling the user/business to recover the files/data if the original data or data files are lost or destroyed.
Business Email Compromise
An email scam where the attacker impersonates an employee in a business and aims to defraud the business through the transfer of money to an account. Business email compromise is a large and growing problem that targets organisations of all sizes across every industry around the world. The best way to prevent it is to educate staff on what to look for.
A collection of private computers that are infected with malicious software and are being controlled without the owners’ knowledge. The botnet works continuously to create security breaches. These attacks come in the form of Bitcoin mining, sending spam emails, and DDoS attacks.
Brute Force Attack
A brute force attack uses trial and error to guess login info or encryption keys, or to find a hidden web page. Hackers work through all combinations hoping to guess correctly. The attackers generate millions of character combinations per minute using a bot (robot).
The various approaches and technologies that are implemented to protect data applications and cloud system apps.
A filter that examines content to assess conformance against a security policy and prohibits the user from accessing the content.
Cybercriminal (as defined by Commonwealth Director of Public Prosecutions Australia)
Cybercriminals are individuals or teams of people who use technology to commit malicious activities on digital systems or networks with the intention of stealing sensitive company information or personal data and generating profit.
The ability to adapt to disruptions caused by cyber security incidents while maintaining continuous business operations. This includes the ability to detect, manage and recover from cyber security incidents.
Measures used to prevent unauthorised access and protect the confidentiality, integrity and availability of systems and data of businesses and individuals.
Cyber Security Event
An occurrence of a system, service or network state that indicates a breach of security policy, failure of safeguards or a previously unknown situation that may be relevant to security.
Cyber Security Incident
An unwanted or unexpected cyber security event, or a series of such events, which have a significant probability of compromising business operations.
The processes and practices adopted by businesses for copying data from a primary to a secondary location, to protect it in case of a disaster, accident, or malicious activity. Data is the lifeblood of businesses, and losing data can cause massive damage and disruption to business operations.
A data breach occurs when personal data has been accessed without authorisation or been lost. In an IT sense, this means a hacker has successfully broken into a system and stolen data such as credit cards, phone numbers, address details, etc., with the purpose of selling the data for money.
DoS (Denial of Service) and DDoS
A denial of service is aimed at websites, and it attempts to render the site inaccessible.
A DoS attack is when a website is accessed massively and repeatedly from various locations, preventing legitimate visitors from accessing the website.
When a DoS attack is launched from various locations in a coordinated fashion, it is often referred to as a distributed denial of service (DDoS) attack.
Used by hackers as part of a conversation-hijacking attack. Attackers attempt to impersonate a domain by using techniques such as typosquatting, replacing one or more letters in a legitimate email domain with a similar letter, or adding a hard-to-notice letter to the legitimate email domain. In preparation for the attack, cybercriminals register or buy the impersonating domain. Linked to the execution of a ransomware attack.
What to do next?
Next month’s SME Business Cyber Security Definitions Handbook will cover more terms. However, if any of these terms are making you think about security and you want to have a friendly chat about your security posture or resilience, then please contact your local Computer Troubleshooter on 1300 28 28 78 or find your nearest location by clicking here.