It’s finally October! While many people are hyped for Halloween and pumpkin spice lattes, the folks in Pitt IT are jazzed for Cybersecurity Awareness Month. Despite all the advanced tools, security reviews, secure network design, and constant vigilance of Pitt IT to protect University systems, accounts, and computers, the most crucial security safeguard is … YOU! By understanding how hackers work and what to look for when it comes to cybersecurity risks, you can stop hackers before they arrive. Here are 26 terms* you should understand to #BeCyberSmart!

• Anti-malware/Antivirus: A program that monitors a computer to detect major types of malicious code and prevents damage by blocking, removing, or neutralizing the code.
• Breach: The intentional or unintentional release of secure information to an untrusted environment. Other terms used include “unintentional disclosure,” “data leak,” and “data spill.“
• Credentials: A user's authentication information, typically your username and password, that is necessary to access the service or network.
• Drive-By Download: The unintentional download of malicious code. This happens just by landing on an infected website, even without clicking on a link, pressing download, or opening an attachment.
• Encrypted: Using a secret key to convert information into an unreadable format to prevent access to the data. The only way to read encrypted data is to know the secret key.
• Firewall: A device or program that limits traffic between networks and/or information systems according to a set of rules governing what access is allowed or authorized.
• Guest Network: Enables you to temporarily share your home Wi-Fi with visitors. It gives them access to the internet, but not to other devices on your home network. Set up a guest network rather than sharing your Wi-Fi password.
• HTTPS: A secure internet connection between your device and the computer on the other end. An HTTPS link doesn't guarantee a site is legit or secure, but it's an extra protection. You should never submit payment or other personal information over a connection that isn’t secure.
• Identifiable Information: Personally identifiable information is anything that can be used to identify a specific individual, such as your SSN, mailing or email address, phone number, login ID, or image.
• JavaScript: A popular programming language used by most web apps. JS is often used by hackers to discover vulnerabilities, read cookies, create scripts, and spread/reproduce malware.
• Keylogging: The practice of covertly recording what someone types on their keyboard, including login credentials and other sensitive information. Most keystroke logging is achieved through a Trojan Horse—malware that hides on your computer and runs without your knowledge.
• LinkedIn: A professional networking site that can be used for social engineering by bad actors. Hackers may create fake accounts or impersonate a real person to see your professional network and career status.
• Malware: An umbrella term for malicious software. It refers to a wide range of programs that a hacker can use to damage, steal from, or take control of individual devices or whole networks.
• Network Resilience: The ability of a network to provide continuous operation, despite disruptions or damage; to recover effectively if a failure does occur; and to scale to meet rapid or unpredictable demands.
• Operating System: An OS is the software that gives a computer or other digital device the ability to perform its basic functions. Many malware programs work by altering the OS code.
• Passphrase: A password that is a sequence of words. A passphrase is generally longer than a typical password for added security, but it is easier to remember than a random string of characters.
• Phishing: Emails disguised as legitimate communications designed to trick you into divulging sensitive information or compromising your system, often through bad links or infected attachments. Spear-phishing is a personalized attack using info the hacker learned about you.
• Ransomware: A type of malware that denies access to a computer system or its files by encrypting the data. The hacker only decrypts the files after a ransom has been paid.
• Social Engineering: Manipulating people into performing actions or divulging confidential information by posing as a trusted contact. Social engineering is performed through real-time personal interactions—in person, over the phone, by chat or IM, or via email.
• Spoofing: Tricking or deceiving a computer system or user by hiding your identity through a fake profile or email address or by faking another (real) user’s identity or email address.
• Two-Factor Authentication: AKA, Multi-Factor Authentication. A method of confirming your identity through two or more verification steps. It often combines something only you know (your username and password) with something only you have (a code sent to or action taken on your cellphone).
• Updates: Software fixes that remedy an identified vulnerability. You should identify and install security updates as soon as possible—enabling automatic updates is recommended.
• Vulnerability: A vulnerability is any weakness in a computer system, hardware, or software that can enable a hacker to gain unauthorized access.
• Worm: A standalone malware program that self-replicates and propagates itself so it can spread to other computers. Unlike viruses, they do not need to be triggered by activity of the user.
• XSS (Cross-Site Scripting): A security vulnerability found in web apps that enables attackers to inject client-side scripts into pages viewed by others. XSS attacks may be used to bypass access controls.
• Zero Day Exploit: A computer attack that takes advantage of a security hole before the vulnerability is realized. Because the security issue is not known until the attack happens, the developer has no time to prepare for the breach and must work quickly to develop a fix to limit damage.

Now that you’re a walking glossary of cybersecurity knowledge, go forth and be safe in cyberspace. If you see evidence of any of these hacker tricks targeting you or the Pitt community, report it to the Technology Help Desk. If you suspect you’ve received a phishing email, forward it as an attachment to phish@pitt.edu.

(* There were no especially relevant Q or Y terms, so this list includes an extra PS!)