Scroll for an A to Z guide to the concepts covered in our training videos
A
Ad Identifier
An ad identifier enables most third-party tracking on mobile devices. Per this article from EFF, "disabling it will make it substantially harder for advertisers and data brokers to track and profile you, and will limit the amount of your personal information up for sale."
Advanced Persistent Threats
When an unauthorized user invades a network, stays for an extended period of time, and steals data without harming the network.
Attack Vector
The technique a hacker uses to gain access to a computer or network in order to achieve a malicious outcome.
B
Backdoor
Backdoor programs are applications that allow cybercriminals or attackers to access computers remotely. Backdoors can be installed in both software and hardware components. Many backdoor programs make use of the IRC backbone, receiving commands from common IRC chat clients.
Backdoors can also spread via malicious apps on mobile devices and smart devices. In January 2016, Android-based smart TVs were hit by a malware that installed a backdoor in the TVs and allowed the download of other malware.
Backdoors play a crucial role in targeted attacks because they can be used to take control of affected systems, allowing attackers to steal credentials and establish connections without being found. With backdoors, attackers can perform the following techniques: port binding, connect-back, connection availability abuse, legitimate platform abuse, common service protocol abuse, protocol/port listening, custom DNS lookup use, and port reuse.
Bot
Programs that automatically execute tasks as ordered by the creator of the program that has infected them.
Botnet
A collection of private computers that are infected with malicious software that are being controlled without the owner’s knowledge.
Browser Extension
A small software module for customizing a web browser.
C
D
Dark Pattern
A dark pattern is design choice within a user interface that has been crafted to encourage specific user behaviors
Dark Web
The part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable
Data Breach
A data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner. A small company or large organization may suffer a data breach. Stolen data may involve sensitive, proprietary, or confidential information such as credit card numbers, customer data, trade secrets, or matters of national security.
The effects brought on by a data breach can come in the form of damage to the target company’s reputation due to a perceived ‘betrayal of trust.’ Victims and their customers may also suffer financial losses should related records be part of the information stolen.
Data Broker
an individual or company that specializes in collecting personal data or data about companies, mostly from public records but sometimes sourced privately, and selling or licensing such information to third parties for a variety of uses.
Data leaks
Data leaks are is the unauthorized transfer of data from within an organization to an external recipient. Data leaks can happen digitally or physically, as in the case of a stolen USB drive
Data minimization
The practice of sharing or collecting the amount of personal information that is necessary to complete a specified purpose
Domain Name
A domain name is a unique, easy-to-remember address used to access websites, such as ‘google.com’, and ‘nycdigitalsafety.org’
Doxing
the act of publicly revealing previously private personal information about an individual or organization, typically via the Internet. Methods employed to acquire such information include searching publicly available databases and social media websites, hacking, social engineering.
G
GDPR
GDPR stands for the General Data Protection Regulation. The GDPR was created in 2016 by the European Union to establish laws on data protection and privacy in the European Union and the European Economic Area.
The GDPR is an important component of EU privacy law and of human rights law. It is pursuant to Article 8 of the Charter of Fundamental Rights of the European Union.
H
Hacker
A hacker is a person who creates and modifies computer software and hardware for either negative or positive reasons. Criminal hackers (cybercriminals) create malware in order to commit crimes.
L
Location Data
Geographical information about a specific device's whereabouts that's associated with a specific date and time.
M
Malware
Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system
Multi-factor Authentication
A method used by online services in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism. These systems often rely on an item that is known (e.g. a password) and something the user has (e.g. their phone).
O
Online Surveillance
Online surveillance is the monitoring of the online behavior, activities, or other changing information.
P
Password Manager
A computer program that allows users to create, store, and manage their passwords.
Phishing
The fraudulent practice of sending emails purporting to be from reputable companies in order to persuade individuals to reveal personal information like passwords and credit card numbers
Privacy
the right to be let alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how your personal information is collected and used.
S
Search History
the list of web pages a user has visited, as well as associated metadata such as page title and time of visit. It is usually stored locally by web browsers in order to provide the user with a history list to go back to previously visited pages.
SIM Card
a smart card inside a mobile phone, carrying an identification number unique to the owner, storing personal data, and preventing operation if removed.
Smishing
the fraudulent practice of sending text messages purporting to be from a reputable company with the purpose of inducing individuals to reveal personal information like passwords or credit card numbers
SMS
SMS is a text messaging service component of most telephone, Internet, and mobile device systems. It uses standardized communication protocols that let mobile devices exchange short text messages.
Spam
Spam includes all forms of unwanted communications including, but not limited to unsolicited calls or messages, Caller ID spoofing, robocalls, et cetera. In many cases, spam is directed to large numbers of users for the purposes of advertising, phishing, spreading malware, and other schemes.
Spoofing
Spoofing is a type of scam in which a criminal disguises an email address, display name, phone number, text message, or website URL to convince a target that they are interacting with a known, trusted source.
T
Threat
Threats are security issues that include the following: malware, grayware/adware, spyware, spam, phishing, and bots/botnets.
Threat Assessment
The practice of determining the likelihood and seriousness of a potential threat, as well as the probability that the threat will become a reality.
Trojan Horse
A piece of malware that often allows a hacker to gain remote access to a computer through a “back door”.