The Email Security Dictionary
The world of email security contains all kinds of terms that are not often understood intuitively without a clear definition. For this reason, we have created a comprehensive email security dictionary to help you and your team understand the most important cyber security definitions, which will ultimately help you keep your company's data and information safe.
This guide is broken up into two categories: email security acronyms and good old-fashioned cyber security words or phrases.
Email Security Acronyms You Need to Know
Email security terms often consist of acronyms, which are sometimes referred to as cyber security alphabet soup. Here are the most important ones for you to be aware of:
2FA: 2 Factor Authentication
2FA, also known as MFA (multi-factor authentication), refers to the requirement of a password and tangible authentication system, often a confirmation code sent to a cellphone, to allow access to private online accounts or computer systems. These prevent immediate access by hackers to private data and accounts, even if the password has been compromised.
APT: Advanced Persistent Threat
An APT is a cyber attack against a network that is systematic and uses multiple tactics in an attempt to overload existing security measures over time. Hackers using APTs often attempt to infiltrate numerous platforms, and breaking into email accounts is one of the most common methods. Basic security strategies are usually not enough to stop these kinds of attacks, though more advanced security measures can slow them down or prevent them altogether.
Note: this acronym is not to be confused with ATP (Advanced Threat Protection)
DKIM: DomainKeys Identified Mail
DKIM is a helpful email security measure that ensures messages are not altered during transit from the sender to the receiver. It provides the email with a private key while it exits the outbox, and the recipient's inbox uses the organization's public key to verify the sender and that the message was not altered. This security measure is essential for preventing email spoofing attacks.
IMAP: Internet Message Access Protocol
IMAP allows users and email clients to access their messages from multiple devices on the internet. This is what enables people to check their email on their phone, computer, tablet, or other devices, and the email client usually leaves messages on the server until the user deletes them. Nearly all email clients use IMAP to allow widespread email access.
MTA: Mail Transfer Agent
MTAs are the software that actually performs the transfer of emails from one computer to another. It receives emails from other users, and forwards them to its intended recipient. Microsoft Exchange is an example of an MTA.
PKI: Public Key Infrastructure
PKIs are protocols that help data transfer securely over networks with digital certificates that are issued and managed with public-key encryption. A PKI consists of policies, procedures, hardware, software, and so much more.
Email Security Words or Phrases to Be Aware of
Aside from acronyms, email security is also full of terms that may seem more intuitive, but might actually not mean what many people believe they do. Here is some clarification about important email security words or phrases:
Encryption
Encryption usually involves emails sent from one user to another getting scrambled until they are incomprehensible, only to be reassembled with the use of a key. There are several different types of encryption, but email encryption is helpful for keeping emails safe from prying eyes while they are sent, transferred, and received. Every organization should have, at the very least, an email encryption system in place to prevent hacks and data loss.
Data Loss Prevention
Data loss prevention is the proactive efforts by an organization to detect and dismantle security threats and violations before they result in compromised accounts and data loss. Data loss prevention policies often include practices for using, storing, and transferring sensitive data in a safe in secure way to protect employees and clients.
Phishing
Phishing is a common method hackers use to obtain sensitive information and data. Most often, phishing attacks consist of email messages that seem legitimate, but trick recipients into clicking links or replying with private data like login information or passwords. Phishing attacks have gotten more advanced in recent years, and they can result in devastating losses for your organization.
Public Key Cryptography
Public key cryptographies are any systems that use both public and private keys within a network to protect messages. Public keys are held by all users within a network, while private ones are held only by an individual. Some encryption methods use public keys to allow the sender to send their message, while the intended recipient is the only one who can access the message because of their private key.
Ransomware Attacks
Ransomware attacks encrypt files on a device, which makes them unreadable and unusable. Attackers who carry out ransomware attacks often target government agencies or large corporations and demand money in exchange for decryption. Ransomware attacks are often activated when users open an attachment from a bad actor that compromises their files and data.
Spoofing
Spoofing is a cyber attack where hackers use fake information that seems legitimate, such as email addresses or domain names, to get users to divulge important information. Some companies have suffered spoofing attacks where employees received instructions to wire money to illegitimate accounts from an email address that appeared to be a higher up in the company. Less advanced spoofing attacks are easy to spot, but many hackers use surprisingly complex techniques to make it difficult for users to differentiate the legitimate from the illegitimate.
Need More Email Security Assistance? Talk to the Pros at Zix | AppRiver Today!
Now that you have a better understanding of important email security terms, you will be better able to understand and implement basic cybersecurity measures in your own life and organization. Even still, your company will likely still have email security vulnerabilities that can result in compromised data and financial losses.
Fortunately, the email security professionals at Zix have the knowledge and experience they need to help your organization devise a comprehensive email security plan. To learn more about how Zix can get your company off on the right email security foot, please contact us today!