The security world is rife with TLAs (three-letter acronyms) and other terms that can seem incomprehensible. Even seasoned professionals struggle as different industries use the same acronyms to mean completely different things — IP to a lawyer is intellectual property, but to a network engineer, it’s the internet protocol.
To help clear up the confusion, we’ve compiled a list of common acronyms related to cybersecurity and cyber insurance, along with simple explanations and key takeaways to help you tackle these risks!
Funds transfer fraud (FTF) is a type of payment fraud in which attackers steal money by manipulating payment mechanisms such as invoices or wire transfers. The attacker socially engineers someone into making a payment or changing payment details, such as the destination account, often by email or phone.
These requests may come from sources that appear legitimate, such as an email from a known business partner whose address was spoofed, or an urgent phone call demanding an unusual transfer.
Remote Desktop Protocol (RDP), which allows a user to connect to a Windows computer remotely and control it as if they were sitting in front of the screen, is a security nightmare.
Remote Desktop Web Access (RDWeb) provides the same functionality but lets the user connect through a standard web browser. RDWeb introduced some security benefits, but it has suffered several security failings and remains strongly correlated with the likelihood of a cyber attack, as we’ve seen in recent cyber claims.
A user’s identity controls access to computer systems. For example, Alice is authorized to access financial data but denied access to HR data, while Bob has access to project data but not to accounting or financial data. Both users have to prove their identities using an authentication factor — something they know (a password), something they have (a trusted company-issued laptop), or something they are (a biological characteristic such as a fingerprint).
A username and password is the standard authentication technique, but unfortunately passwords are easy to steal. Two-factor authentication (2FA) and multi-factor authentication (MFA) require an additional factor, like a randomly generated code from a smartphone app, before granting access.
Business email compromise (BEC) is a multi-pronged problem and one of the most prevalent data breach claims we see at Coalition. When an attacker gains access to an employee’s email account, this is known as BEC. To make matters worse, email is often a pathway to more severe attacks.
Think about all the things you use email for, like exchanging sensitive information or resetting passwords. Now imagine an attacker with those same capabilities.
Wear sunscreen. Not a security tip, just super useful advice. But that’s not the SPF we’re talking about here. Sender Policy Framework (SPF) is a record you publish for your domain (your-company-name-dot-com) to specify which email servers can legitimately send email for you. Put simply, it prevents someone from setting up their own email server and sending messages that claim to come from you.
Closely related to SPF are DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC). In short, DKIM helps ensure emails aren’t altered in transit, while DMARC lets you specify how SPF and DKIM work together to secure your email and what receivers should do with messages that fail those checks. If this is too technical, don’t worry — check out this Coalition Learning Center article for specific instructions.
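To show what an SPF check actually decides, here is a small evaluator added to this guide (it is not Coalition’s code or part of any mail product). It applies SPF records from a constructed, in-memory DNS table for the hypothetical domains example.com, mail.example.net and weak.example to a sending IP address, covering the ip4, ip6, include and all mechanisms; the weak.example record shows why a permissive "+all" defeats the purpose.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups, so the example runs offline.
# All domains and addresses below are hypothetical.
DNS_TXT = {
    # Own mail servers plus a delegated mail provider; everyone else fails.
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    # Misconfigured record: "+all" lets any server on the internet pass.
    "weak.example": "v=spf1 +all",
}

# Qualifier prefix -> SPF result when the mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain, txt=DNS_TXT):
    """Return the SPF record's terms for a domain, or None if it has none."""
    record = txt.get(domain.lower())
    if record is None or not record.lower().startswith("v=spf1"):
        return None
    return record.split()


def check_spf(sender_ip, domain, txt=DNS_TXT, depth=0):
    """Evaluate whether sender_ip may send mail for domain.

    Simplified from RFC 7208: supports ip4, ip6, include and all; other
    mechanisms (a, mx, exists, redirect) are ignored.
    """
    if depth > 10:  # RFC 7208 limits lookups; also stops include loops
        return "permerror"
    terms = lookup_spf(domain, txt)
    if terms is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:  # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            try:  # an IPv4 address never matches an IPv6 network, and vice versa
                if ip in ipaddress.ip_network(arg, strict=False):
                    return QUALIFIERS[qualifier]
            except ValueError:
                return "permerror"
        elif name == "include":
            if check_spf(sender_ip, arg, txt, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        elif name == "all":
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" present
```

A receiving mail server runs this kind of check on every message; DMARC then tells it whether a "fail" should mean quarantine or rejection.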
Security is fast-paced, and the terminology is a challenge. The acronyms and concepts in this guide are far from exhaustive, but they explain some of the most common issues we see at Coalition in terms of questions, incidents, and insurance claims.
For specific questions or additional details, you can always reach us at [email protected]. We are happy to set up time to discuss how to improve your security and reduce your cyber risk.
For 10 simple steps you can take today to protect your business, download the Coalition Cybersecurity Checklist.