Your Guide to Online Safety
You have the power to stay safe online! Use our massive collection of resources to learn how to take control of your online life and find peace of mind in our interconnected world. We have hundreds of articles, videos, infographics, and more for you to learn from and share. Use our materials to raise awareness at home, work, school, or anywhere in your community!
A
AI Tools
Software programs that use AI techniques to achieve specific goals. This includes Generative AI such as ChatGPT, Copilot, and DALL-E’
B
Bad Actor
Someone who tries to steal information or exploit computer systems and networks maliciously. These cybercriminals operate outside the rules with the intent of doing damage or nabbing information.
Biometrics
Using physical characterstics (either finger print or facial features) as a security method to enforce access control.
Bot
Bots are automated software programs to perform certain tasks like customer service and web search. However, Bad Actors often utilize bots to spread viruses, steal personal information, or control another computer system.
Business Email Compromise (BEC)
This sophisticated hack targets email communication within organizations. When successful, BEC can lead to financial losses, reputational damage, and compromised sensitive information.
C
Certificate-Based Authentication
Security method which uses digital certificates to verify users' identity and enforce access control. Think of it as a "Virtual ID Card" that contains information about its user, either granting or preventing access to certain networks or programs.
Chief Information Security Officer (CISO)
Exeuctive within a company who is responsible for the organization's Information Security policies, strategies, risk management, training, ad incident response planning. The CISO plays a crucial role within an organization, helping safeguard assets and personal information of its organization and employees while maintaining strong security culture.
Cloud
System of remote servers which facilitates the storage, management, and processing of data on the internet rather than locally on a device. The cloud allows users to access their resources and apps from anywhere with an internet connection as opposed to only on their native devices.
Cookies
Cookies are pieces of data stored on a user's device by a web browser while using a site, eventually creating a"trail of crumbs" which details your browsing history and is used by sites to enhance your experience by personalizing ads, remembering preferences, and retaining history like online cart items. It is important to be aware when your cookies are being tracked - websites must ask for your consent before doing so!
Crimeware
Malicious software designed specifically to facilitate criminal activity
Critical National Infrastructure (CNI)
This refers to the essentual systems which are crucial for our nation's secrutiy, economy, public health, and safety. They are the necessary functions of a proper society (including energy, transportation, utilities, healthcare, communications, banking, etc.), meaning the privacy and security of their data is paramount. Protecting CNI is essential for the security of our nation, making it one of our key focuses.
Cybersecurity
The practice of protecting private information, computer systems, and device networks from unauthorized access which could result in damages or theft of information. These practices involve the application of various technologies, processes, and security measures to defend against a world of threats to your data.
D
Data Broker
Data brokers are organizations or individuals that collect, analyze, and see personal information about consumers to other organizations (often without the data owner's consent). Sometimes this data includes Personally Identifiable Information (PII) like phone numbers and demographics, but can also include other info such as purchasing habits and general online behavior.
Data Governance
Data governance is the management framework for a database or other data strcutrue which establishes standards and processes to ensure data integrity, security, and availability within an organization. Within the domain of cybersecurity, it is necessary for protecting sensitive information and compliance with legal requirements.
Data Minimization
This principle encourages organizations to collect/retain only data which is necessary for a specific purpose or goal. Data minimization aims to reduce the amount of sensitive information that could be exposed in a data breach, creating a more secure environment. Addition by subtraction!
Data Mining
Data mining is the process of contextualizing very large sets of data (a.k.a. "Big Data") to uncover trends, patterns, and other insights into market tendencies. In the context of our mission, data mining aids in extracting useful information from security-related data sets to improve processes in threat detection, incident response, and overall security measures.
De-Identified Data
Information that has been processed to hide personal identifiers , making it more difficult to be traced back to an individual. This allows organizations to protect sensitive PII.
Decryption
Decryption is the process of un-scrambling encrypted data and reverting it back to its readable (original) format. For cybersecurity experts, it is a crtical function which enables certain authorized users to access and comprehend dats which has been secured via encryption.
Defacement
Comparable to "Cyber Vandalism," defacement is when an unauthorized bad actor alters an existing web page to change its visual appearance and/or content. It is often done by exploiting vulnerabilities in a website's security and is done with the intention of making an organization's website inaccessible to either slander the organzation or compromise information.
Denial of Service (DoS)
Type of cyberattack in which an attackr overloads a server, webite, or network with traffic requests in an attempt to prevent access to said system.
Digital Certificate
Electronic form containing a public key with information on a user which is used to confirm the identity of a person or device during online transactions.
Domain Name System (DNS)
Like the internet's address book, it ensures users reach the correct websites when visiting a URL. DNS is often the target of spoofing attempts, which redirect users to malicious sites.
E
Encryption
A method of scrambling data to make it unreadable. Only someone/something with a decryption key can read the data in this format, keeping sensitive information protected.
Ethernet
Wired internet connection to more quickly transmit data. Ethernet is more secure than wireless connection, as physical cables make unauthorized access more difficult.
F
Firewall
Security tool that monitors incoming and outgoing network traffic, flagging and preventing unauthorized access. It acts as a virtual barrier, only allowing trusted data through and blocking harmful connections.
Flooding
This is a type of cyber attack in which a network is overwhelmed wih excessive traffic with the intent of slowing down or crashing services. It is often used in Denial of Service (DDoS) attacks.
G
Gateway
Access points between networks which help manage traffic, exchange data, and filter potential threats.
H
HTTPS (Hypertext Transfer Protocol Security)
An encryption which secures your access to a website. It protects the data exchanged between your browser and a site.
I
IP Address
Like your home address on the internet - it's a unique string of numbers attached to device. This helps networks track suspicious activity.
M
Masquerade Attack
When a bad actor pretends to be an authorized user to gain access to sensitive information. The attacker attempts to bypass security measures by "masquerading" as an authorized user.
O
One-Way Encryption
A method of irreversibly encrypting data - it is ideal for storing sensitive information as it prevents data from being readble, even if it were to be access by unauthorized users.
P
Packet
Think of this as a "unit" of data which is sent across or between networks. Packets are often monitored for unauthorized access or suspicious traffic patterns.
Pharming
A type of cyberattack that redirects users from legitimate websites to a malicious one.
Proxy Server
Intermediary server between devices and the internet which handles a user's requests. Proxy servers enhance security and privacy measures by masking your IP address and filtering traffic to block access to harmful websites.
R
Risk Assessment
The process of identifying, analyzing, and evaluating potential security risks to an organization. Understanding these risks is crucial for firms in developing strategies to protect their sensitive information.
Role-Based Access Control
A security approach in which users are granted access permissions based on their role within an organization. RBAC is critical in making sure information is only accessed by those with proper authorization.
Rootkit
A type of malicious software that is planted on a device and allows bad actors to control the system undetected. Rootkits are dangerous as they can conceal other malware, making them even more difficult to detect.
S
Security (Attitude)
A psychological disposition people have towards making an evaluative judgment about security (i.e., the way we think or feel about it). For reporting attitudes, we used 5- and 10-point Likert scales (e.g., “strongly disagree” to “strongly agree”) to examine positive and negative views people hold about particular security topics.
Sensitive/Important Online Accounts
Online accounts holding identity, location, and payment information (e.g., payment-related sites, social media accounts, and work accounts)
Server
A system which provides services and/or data to "clients" over a network. Servers often store sensitive information and handle many connections, making them a prime target for cyber attacks.
Social Engineering
A manipulative strategy in which bad actors trick users into revealing sensitive information or granting unauthorized access to a system. Social Engineering often involves impersonation or other forms of persuasion to bypass security without directly attacking a network.
Spoof
Most commonly observed with websites, spoofing is the impersonation of a legitimate entity to trick users into disclosing sensitive information. Always make sure to hover over a URL before visiting the website!
Stealthing
Technique used by attackers to hide malicious software or suspicious activity from being detected. Bad pose a major threat by operating undetected while infiltrating a system.
T
Tamper(ing)
The altering of data, devices, or systems without authorized permission to manipulate information. It compromises Data Integrity and reliability of data systems.
Threat Actor
Any individual or group that serves as a potential cybersecurity risk. They can range from cybercriminals/hackers to state-sponsored groups with varying motives to carry out attacks.
Trojan Horse
A type of malicious software that disguises itself as a legitimate program, deceiving users into installing it. Once activated, Trojan Horse software can grant access to unauthorized threat actors.