Introduction
Whether we’re backed by a whole department of security experts, relying on chat support to troubleshoot a one-off issue, or contracting a team to mitigate an existing threat, we’ve all had to call upon tech support at one point or another. Too often, we’re then inundated with confusing technology jargon that’s hard to keep up with, making it difficult to understand the problem and avoid it moving forward or properly take the next steps needed to secure our systems.
If you find yourself scratching your head whenever I.T. comes by to run updates, stop fretting! Today we’re going to break down 5 common terms you might have heard when talking to your tech team.
#1 Insider and Outsider Threats
Let’s refresh your security awareness training. The difference between insider and outsider threats lies in where the attack originates. Insider threats are those conducted by someone inside the organization, or a third party with whom you regularly do business. For instance, if your coworker wanted to exact revenge on the business or they are persuaded into becoming complicit in a hack, they would be an inside threat to the organization because they have access and reason to be on the network.
Outsider threats are ones you probably think of when you imagine a cyberattack: Some unrelated purveyor of the Dark Web targeting the business for money or information.
#2 RTO and RPO
Recovery Time Objective, often shortened to RTO, is the amount of time that your job has to recover after a cyber-event, before business fails and the disruption becomes too great to recuperate from. Your supervisors might push you extra hard after an attack to lengthen this time span or hasten recovery. Most small- to medium-size businesses close within six months of a serious cyber event!
If you hear the term RTO being tossed around, there’s been a data breach or some other cyber-incident in the network. A related term you might hear tossed around is RPO, or Recovery Point Objective. This is the amount of time a cyber-event can occur before too much data is compromised to recover at all! While you may not be leading the post-attack recovery initiative, taking time for yourself and approaching each day with a positive attitude will help you more successfully perform your role in the process.
#3 Social Engineering
Social engineering tactics play on your emotions to get you to make mistakes that you normally wouldn’t. Phishing messages are one example of this; they try to incite fear, curiosity or anger to get you to react the way the scammer wants. That could mean downloading an infected attachment, giving them your credentials, sending money or whatever goal the hacker has when they reach out.
Reverse social engineering is a trap laid out to convince you to contact them. That fosters additional trust because the victims are the ones making the first move, so they think they have all the information and power.
#4 Single Sign-On
SSO is one way to keep your files safe and in one central location, allowing you to switch between applications without signing in and out of each one. Google is one example you may have used before. There are many compatible sites that let you sign in with a Google account, from Gmail to Youtube to apps you might have on your phone.
Why is this an effective security measure? Aside from being a more convenient and streamlined way to get work done, it still requires identity verification to view your data in any of those applications, providing an extra barrier against hackers.
#5 Zero Trust Security
Do you know why you have to scan your badge to enter the building, or get unique credentials just to open up the computer’s desktop, or sign out a record every time you want to check one little thing? The reason is a Zero-trust security framework which organizations set up to routinely identify and authorize both workers and potential visitors. Your boss’s ID badge gets them through more doors than yours does, and a random person off the street wouldn’t be able to get in at all.
The name comes from zero-day attacks, which are those vulnerabilities that are exploited before the network owner is even aware that they need a patch.
Conclusion
Hopefully, this list gives you a leg up the next time you’re on the phone with I.T. trying to figure out why you’re locked out of all your accounts. Technology and the language we use to understand it changes all the time as new inventions push us forward. Follow our blog to stay up to date on the latest news and tips for staying cyber-safe!
References
- https://www.druva.com/blog/understanding-rpo-and-rto/
- https://robinpowered.com/blog/employees-are-key-to-rto-success
- https://www.techtarget.com/searchsecurity/definition/single-sign-on
- https://www.cloudflare.com/learning/access-management/what-is-sso/
- https://www.crowdstrike.com/cybersecurity-101/zero-trust-security/
