Cybersecurity Jargon: Common Managed IT and Cybersecurity Terms Explained
There has been a lot of talk recently about cybersecurity and managed IT. Unfortunately, not everyone has the same definition of what these terms mean.
In this blog, we will step back and try to clear up some of the confusion around some common IT (short for “Information Technology”) terms and how they might apply to you.
What is Ransomware?
Ransomware is a type of malicious software (malware) that cybercriminals use to take control of your computer or data. Once a cybercriminal gains access to one of the systems on your network, they will deposit ransomware code on one of your network devices. Once the ransomware is activated, it encrypts your files, making them unusable. The attacker then demands a ransom, usually in cryptocurrency. In exchange for the ransom, the cyberattacker promises to provide the decryption key needed to regain access to your files. Essentially, it’s like a digital form of extortion where the attacker locks you out of your own data and asks for money to let you back in.
Worse is when companies pay the ransom but fail to correct how they were infiltrated in the first place, leaving them open to get hit a second (or even third!) time by the same criminals.
Remember that just because you pay a ransom doesn’t mean you’ll get your files back. After all, you are dealing with criminals.
What is Managed IT?
As the roles of information technology professionals expand and become more specialized, companies find it harder and harder to find and retain specialized talent to implement and maintain a secure technology environment. Managed IT provides a way for companies to outsource some or all of their IT department’s workload, from managing security to provisioning users to maintaining computers.
What is a Managed Service Provider (MSP)?
A Managed Service Provider (MSP) is a company that remotely manages a customer’s IT infrastructure and end-user systems. Businesses hire MSPs to handle tasks such as network management, cybersecurity, data backups, and technical support. Companies let the experts at the MSP handle the technical details of maintaining their equipment and network, freeing their internal IT staff to focus on the company’s core operations.
What is Software as a Service (SaaS)?
Software as a Service (SaaS) allows users to access a software application remotely over an internet connection, rather than running it on machines on a local area network (“on-premises” software). SaaS allows companies to utilize shared network resources, resulting in lower up-front costs, faster deployment, easier upgrades, scalability, and more.
Enterprise SaaS applications are often hosted on cloud networks like Microsoft Azure and Amazon Web Services (AWS). These network providers can offer enterprise-level security, backup and recovery services, and failover capabilities.
Do I need to back up my data if my servers are in the cloud or Azure?
Even if a company’s servers are in the cloud and they use SaaS (Software as a Service) software, there are several important reasons to consider an additional backup solution:
- Data loss prevention: Cloud providers and SaaS applications can experience outages, data corruption, or accidental deletions. An independent backup ensures that the company’s data is secure and can be restored in such events.
- Ransomware protection: While cloud providers have security measures in place, they are not immune to ransomware attacks. An additional backup can serve as a crucial line of defense, allowing the company to restore uninfected versions of their data without paying a ransom.
- Compliance and legal requirements: Some industries have strict data retention and recovery regulations. Additional backups can help ensure compliance with these regulations and provide proof of adherence if audited.
- Control over your data: Relying solely on a cloud provider means trusting them entirely with your data. An independent backup gives the company more control and flexibility over its data storage and recovery processes.
- Quick recovery times: In case of a failure or data loss, restoring data from a dedicated backup can be faster than relying on the cloud provider’s restoration processes, minimizing downtime and business disruption.
What is DMARC Validation?
When sending an email, it is quite easy to populate the Sender field with a false identity. DMARC (Domain-Based Message Authentication, Reporting, and Conformance) validation allows email systems to check if incoming emails are genuinely from the domain they claim to be from. It helps prevent email spoofing, which is when someone sends an email pretending to be someone else.
When an email is received, DMARC validation checks if it passes SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) checks, verifying that the email’s sender is authorized and the message hasn’t been altered. If the email passes these checks, it will likely be legitimate. If it doesn’t, it can be marked as spam or rejected. DMARC validation helps protect against phishing and other email-based attacks by ensuring that emails are from the domains they say they are.
What is MFA?
Multi-factor authentication (MFA) is a security process that requires users to provide two or more verification methods to access an account or system. Instead of just entering a username and password, MFA might ask for something you know (like a passcode), something you have (like a smartphone or a security token), and something you are (like a fingerprint or facial recognition).
For example, when you log into your email, you might need to enter a code sent to your phone or use your fingerprint after entering your password. This extra layer of security makes it much harder for hackers to gain access, even if they have your password, because they would also need the second form of verification. MFA is one of the easiest ways your company can add extra protection to prevent unauthorized access to your network.
What is Single Sign-On?
Single Sign-On (SSO) is a user authentication process that allows you to access multiple applications or websites with just one set of login credentials. Instead of logging in separately to each service, you sign in once and automatically have access to the other connected services for which you have privileges.
For example, if your company uses SSO, you might log into your email, and from there, you can access your calendar, file storage, and other work applications without having to log in again. SSO centralizes the authentication process and reduces the number of passwords you need to remember, improving security.
What is Zero Trust?
Zero Trust is a security model that requires a user to be verified before being granted access to network resources.
Does SSO work with Zero Trust?
Yes, these two security models often complement each other. SSO will typically enforce MFA for identity verification, while Zero Trust provides continuous monitoring and verification.
What is Least Privileged Access?
Least Privileged Access means that users are only granted access to the necessary resources to perform their work. Least Privileged Access minimizes the damage caused by a bad actor if they acquire a user’s login credentials.
What is Penetration Testing?
Penetration testing simulates a cyberattack on your computer system, network, or web application to find and fix security weaknesses before real hackers can exploit them. Think of it as hiring ethical hackers to test your defenses.
Penetration testers employ various tools and techniques to break into your systems like real attackers. Penetration testing is a proactive way to improve your security and ensure your systems are well-protected against potential threats.
What is a Security Operations Center (SOC)?
A Security Operations Center (SOC) monitors, detects, prevents, investigates, and responds to cyber threats 24/7. Instead of handling security in-house, you outsource it to specialists who use advanced tools to detect and respond to threats in real time. A Managed SOC provides peace of mind, knowing that professionals are handling your security, and can be more cost-effective than building and maintaining your own security team.
Isn’t my company too small to be attacked?
No, these pirates are crafty. They research their targets and determine an appropriate amount to demand. In the case of a smaller organization, we’ve heard of the ransom being less than $20,000. For larger companies, the ransom can be for millions of dollars.
Cybercriminals also will target the weakest link in a chain. They often attack a small company with weak security that is easily compromised, then use that company as a jumping-off point to attack larger companies that do business with it.
How does ArcherPoint help with cybersecurity?
ArcherPoint’s Managed Services team will monitor your network, servers, and devices for suspicious activity or potential breaches. If we find anything, we act quickly to address it, minimizing damage and keeping your data safe.
Contact ArcherPoint to learn more about our Managed IT services.