Protecting your business from cyberattacks is already a big challenge, and having to be familiar with security jargon makes it even more so. Many people may not be familiar with terms such as malware, viruses, identity protection, and firewalls, which may result in poor business security practices.
So how well do you know your cybersecurity lingo? This quiz can help you find out. Each question will explore the various security aspects that affect your business. At the end of this quiz, you should not only be more knowledgeable about cybersecurity jargon, but you should also be able to protect your business better from cyberthreats.
1. ________ is any type of program designed to cause harm. It can alter or delete data, corrupt files, disable software and hardware, and deny user access, among other things.
C. Trojan horse
Correct answer: B. Malware
Malware is an umbrella term for any malicious software specifically designed to damage or disrupt computers and mobile devices. This includes viruses, Trojan horses, spyware, worms, adware, ransomware, rootkits, and botnets.
Malware is typically distributed via email, and disguises executables and scripts in the form of documents. For instance, the ILOVEYOU worm back in 2000 took advantage of Windows’ default setting of hiding file extensions, so a malicious script such as “love-letter-for-you.txt.vbs” will only display as “love-letter-for-you.txt”, which allays a user’s suspicions of a malware attack.
2. What part of the World Wide Web is only accessible through a web browser called Tor, which allows users to access an encrypted network where they can remain anonymous?
A. Dark web
B. Deep web
C. Deep net
Correct answer: A. Dark web
The dark web is hidden to search engines and used by cybercriminals to buy and sell dangerous items such as drugs, weapons, and illegal pornography. It is also becoming a market for leaked and stolen personal and financial information, company data, and login credentials.
The dark web is not the same as the deep web. While search engines cannot index either, the latter only deals with password-protected or dynamic pages, and encrypted networks. This includes email and cloud storage solutions.
3. Multifactor authentication (MFA) is a security solution that requires users to verify their identity on top of passwords. What are some of the most commonly used authentication factors today?
A. One-time SMS codes
B. Physical keys
C. Facial or fingerprint scan
D. All of the above
Correct answer: D. All of the above
An MFA requirement can fall into one of three categories: something you know (such as your password), something you have (like a physical key or a smartphone), or something unique to yourself (such as your fingerprint, retina, or facial features).
After an employee logs in to your network, they may be asked to verify their identity by inputting a code sent to their smartphone or by scanning their fingerprint or face. Even if a hacker steals a user’s login credentials, attempts to infiltrate that user’s account would be futile without fulfilling the succeeding security requirements.
4. What type of cyberattack occurs on the same day a vulnerability within a software application is discovered?
A. Day one attack
B. Zero-day attack
C. Vulnerability attack
Correct answer: B. Zero-day attack
If a hacker successfully exploits a vulnerability within a software application before its developers can issue a fix, the exploit is called a zero-day attack. Zero-day attacks can be anything from missing authorizations to URL redirects to password security issues to missing data encryption to buffer overflows, among others.
To mitigate the risk of zero-day attacks, make sure your software applications are updated at all times. When a vulnerability is discovered, software developers will likely issue an emergency patch to fix the security issue.
5. What is the fraudulent practice of sending emails purportedly from a legitimate entity (e.g., a bank or your co-worker) to steal personal and financial information?
A. Ransomware attack
Correct answer: C. Phishing
Phishing remains to be one of the most effective methods cybercriminals use to steal data. Previously, scams banked on outrageous tales, like the infamous Nigerian prince scam promising instant wealth. But today, phishing scams are taking advantage of recent events such as the COVID-19 pandemic to instill fear and a sense of urgency in oblivious recipients.
Phishing scams are primarily sent via email, but some cybercriminals also send scams through text messages, also known as smishing. In this scheme, scammers send a bulk text message claiming that the recipient has won a prize or their online account has been suspended. They are then asked to click on a malicious link that will steal personal and financial information.
Be vigilant when you encounter these messages. Flag them as a phishing scam and report them to your IT personnel so they can prevent such scams from victimizing other people.
6. Aside from third parties, your employees can also cause data breaches. They are also known as ________ threats.
Correct answer: C. Insider
Despite a three-year low, insiders are still one of the biggest threats to your business. Employees may accidentally click on a malicious link or attachment, or a disgruntled personnel can deliberately leak confidential data and ruin your reputation.
The best way to reduce the chances of insider attacks is to implement zero trust security. This means anyone attempting to access company applications and files should not be trusted until their identity and access privileges are confirmed. Management platforms such as Windows Server Solutions can help you set access restrictions based on data, job roles, and applications. This way, you mitigate the chances of employees intentionally or accidentally accessing unauthorized files and programs.
How did you do?
4–6 correct answers: Congratulations! You know your cybersecurity lingo.
2–3 correct answers: You know a few terms here and there, but there’s more to learn!
0–1 correct answer: You need to brush up on your cybersecurity lingo skills.
Better cybersecurity for your business shouldn’t be difficult to achieve. USWired’s Network Security services will deliver peace of mind by providing advanced threat protection, data center security, and secure endpoint solutions, among others. To learn more about cybersecurity protection, download our FREE eBook and call us today!