This article provides an overview of KnowBe4, the university partner chosen to deliver several cyber security awareness training courses. The article also explains:

• How to get access to the training platform
• What to do in case you cannot open the training in your browser.

As part of the ongoing activity to keep the University safe from the threat of cyber-attacks, we strongly recommend all staff and students complete the training course.

Please note:

• "Staff": this word refers to every member of staff who owns a staff ID, including casual or temporary staff
• "Students": this word refers to undergraduate students (UGs), postgraduate students (PGTs), and Postgraduate Research students (PGRs).

Overview of KnowBe4

The University has partnered with KnowBe4 to deliver cyber security awareness courses. 
KnowBe4 is a market-leading external specialist company which provides cyber security awareness training to different organisations.

---

Back to the top

 

Enrolment Email - Authenticity

If you are unsure of the authenticity of the email received related to KnowBe4 training, there are a few quick checks highlighted below, these points / checks can be verified by viewing the header of the email of hovering over the Hyperlinks to ensure the email is not a Phishing/Malicious email.

Check list

• Expected email subject: "You've been enrolled in Cyber Security Training"
• Expected email address of the sender: training@cyber.soton.ac.uk
• The sentence "Complete your training here" is linked to the following web page: https://go.soton.ac.uk/it/cybertraining
• The sentence "Cyber Security SharePoint site" is linked to the following web page: https://sotonac.sharepoint.com/teams/CyberSecurity
• The sentence "Here is a helpful Knowledge Base article to support you." is linked to the following web page: https://sotonproduction.service-now.com/serviceportal?id=kb_article_view&sysparm_article=KB0083106

 

 

---

Back to the top

 

How to access the training

Getting started

To complete the training courses, please: 

1. Open the training platform

2. Log in using your university username followed by @soton.ac.uk (for example, ab1c24@soton.ac.uk) and password. 

 
If you have MFA (Multi-Factor Authentication) setup, you will need to authenticate using your preferred method. Please do not set up a username or password with KnowBe4 as this is not required to complete the training.

3. Select the Training tab

Please note:

• If you need to share the training link with a colleague, please use the following URL: https://go.soton.ac.uk/it/cybertraining. 
• You can always access your training through the Cyber Security training portal. 

Video tutorial

Getting Started with KnowBe4 Security Awareness Training – Knowledge Base

---

Back to the top

 

Training courses available

The University strongly recommends that all staff and students complete the following 60-minute course.

The course will show you how to protect yourself from email fraud and will cover topics such as:

• Working remotely: covers secure practices like using VPNs and protecting sensitive information when working off-campus. 
• Protecting your computer at home: focuses on antivirus software, strong passwords, and regular updates for home computers. 
• Keeping safe on social networks: emphasizes privacy, avoiding oversharing, and recognising social engineering attacks.
• Cloud: covers choosing secure providers, setting passwords, encrypting data, and ensuring you use the right applications.
• Mobile devices: focuses on strong passwords, updates, and cautious use of public Wi-Fi and untrusted applications on mobile devices.
• Traveling safely and securely: guides on protecting devices, using secure connections, and being cautious with public Wi-Fi while traveling and other the security risks while traveling.
• Business Email Compromise: educates on identifying and preventing email scams that impersonate university officials and other team members.
• Phishing: Teaches recognition and avoidance of phishing attempts designed to steal information or infect devices.

You can complete the course in more than one session, though we recommend completing the training as soon as possible.

At the end of every module, you can download a certificate attesting you have been successful.

Optional Training

On the Library tab of your Dashboard, you can view the Optional Learning content suggested by the Cyber Security Team. The optional learning provided encourages users to choose training content that interests them and can help you create a stronger security awareness culture.

---

Back to the top

 

KnowBe4 Badges

As you complete your training or report phishing emails, you can earn badges. Each badge is based on a specific achievement, such as completing multiple training assignments within 24 hours or reporting 100 simulated phishing emails. On the Badges tab of your Dashboard, you can view all the badges you have already earned as well as any available badges.

You can get more information on the badges in the KnowBe4 article "Understanding Your Dashboard".

---

Back to the top

 

Accessibility

Overview

All KnowBe4’s courses published after November 2019 are 508/ADA compliant and have been tested with a screen reader.

KnowBe4 is committed to providing access to all learners by maintaining an open dialogue with:

• Universities
• Web accessibility technology vendors
• End-users.

KnowBe4 eLearning staff receives continuous education on the World Wide Web Consortium (WC3) Accessibility Standards. KnowBe4 has created a new courseware player with accessibility – to find more information, please read the page KnowBe4's Courseware Player Guide.

The accessibility statement for the KnowBe4 training courses is available on the Cyber Security SharePoint site. If you have any concerns or comments, please contact ServiceLine.

Accessibility checks done

We completed the following quick accessibility checks when checking the content. This does not mean a full accessibility audit has taken place but does show that we have performed some due-diligence checks while we await the results of a formal accessibility audit from the vendor.

• Keyboard: we can complete workflows using the keyboard, and not the mouse.
• Focus indicator: when using the keyboard to navigate, a focus indicator shows where you are on screen and has good contrast, making it easy to notice.
• Alternative text: images have alternative text.
• Reflow: that content reflows to different screen sizes and levels of screen zoom. This is also known as responsive design.
• Text size: if users change font size, does text resize appropriately without getting cut off, overlapping content?
• Headings: web page is structured with headings <h1> <h2> etc.
• Links: links in body text are underlined and have a different colour to the body text.
• Video captions: any videos have captions for speech and sound effects (e.g. "door slams shut")
• Audio description: any videos that show important information without narration that is captioned have an audio description that describes important content shown visually.
• Background music: videos have no or very low background music, this helps listeners to concentrate on the important content.
• Contrast: text and images are presented with sufficient contrast
• Different modes of engagement: there are different ways to achieve the same outcomes.
• No "walls of text": content is "chunked" and formatted in ways that avoid walls of text, for example bulleted lists.

Known issues

We are aware of the following known issues:

• The end screen of the "How to behave: travelling safely" has poor contrast of the background and some of the text. The text is identical to that which appears on other end screens.
• In the "Phishing foundations" module: screen readers may experience difficulties reading the "red flag" popups in the intended order.
• In the "2024 Social Engineering Red Flags" module: the keyboard focus does not automatically move to the next video button and you have to navigate from the start of the page.
• In the "Clean Desk Policy: What you need to know" module: the background music is quite loud and the sound effects may seem sharp to some learners. You may prefer to turn the sound down and use the captions if you find this affects you.
• Line managers might see staff that have already left the university as mandatory participants. This issue is related to the account's timing of expiration. As soon as the former staff account is closed, the list of mandatory trainees will be updated.

---

Back to the top

 

Glossary

Across the training, you will meet keywords or acronyms such as Acceptable Use Policy (AUP), CEO Fraud, and many others. If you need any clarification about them, you can check the training’s glossary as follows or jump to the KnowBe4 complete glossary section:

1. Select the burgher button at the top-left corner of the training window

2. Select the Glossary tab

3. Scroll down the list of terms
 

---

Back to the top

 

Issues accessing or using the portal

Issues logging into the training portal

Please make sure you are using the correct link to complete the training.

The link should recognise your University account and take you to the portal directly. If the link does not recognise your account, you may be prompted to enter your University username and password.

Please enter your details and the page should re-direct you to the portal.

Issues accessing the training modules via Firefox or other browsers

There are currently no known issues with accessing the training modules on recent versions of: 

• Firefox
• Chrome
• Edge
• Opera 
• Safari

Depending on your browser settings some of the course module content could be affected by certain settings. If you are experiencing issues with any of the browsers, please read the KnowBe4 Knowledge Base article "Why can’t I open my training in my Browser".
If you are still experiencing issues, please use Google Chrome or Microsoft Edge as an alternative browser platform.

Former staff appears into line manager's mandatory list

Line managers might see staff that have already left the university as mandatory participants. This issue is related to the leaver's account timing of expiration.

As soon as the former staff account is closed, the list of mandatory trainees will be updated.

Cannot access KnowBe4 platform

It might happen that you see the following error page when you try to open the training platform:

To access the platform, please:

1. Open your browser's settings
2. Clear the cookies
3. Refresh or launch again the training platform

---

Back to the top

 

Getting IT help

If you need further help with access, please contact ServiceLine.

If you have questions or concerns about the training and the information provided, please contact the Cyber Security team.

---

Back to the top

 

KnowBe4 complete glossary

The following glossary duplicates the one you will find in every module of the training:

Acceptable Use Policy (AUP): a policy that defines the terms a user must agree to in order to use the organisation's network/Internet and the actions that they are allowed to perform while using it.

Access Control: a system or technique for allowing or denying access. A door lock is a type of physical access control. Passwords and other types of identification and authorisation are also access controls.

Advanced Persistent Threat (APT): a prolonged, stealthy network attack that is generally difficult to detect by network security controls, thus allowing it to linger for a long period of time and steal data until it is discovered.

Adware: software that automatically displays or downloads unwanted advertisements to collect marketing data without the user's knowledge or redirects search requests to certain advertising websites. Adware that does not notify the user and attains their consent is regarded as malicious.

Airplane Mode: a setting on mobile devices that prevents the device from sending or receiving calls and text messages. Airplane mode is also known as ‘offline mode’, ‘standalone mode’ and ‘flight mode’.

Allowlisting Software: a technology created to keep computer systems safe from unwanted software, including malware. It works together with application blocklisting to keep malware and other unauthorised software from running on a system. Also known as ‘safelist’ or ‘accept list’.

Antivirus Software: a program that monitors a computer or network to prevent, detect, contain and remove all major types of malware incidents.

Attachment: a computer file sent along with an email message, widely used to transfer photos and documents to another person. Also known as an ‘email attachment’.

Attack Vector: any way that a cybercriminal can gain access to a network such as outdated software, badly written code that allows for buffer overflows, or social engineering using malicious attachments.

Authentication: a process that provides proof that the person who is trying to log in is, in fact, the correct person and authorised to access the network. A username and password combination is a simple form of authentication.

Backdoor: a method of bypassing standard authentication, giving an attacker unauthorised access to a computer so that they can control it remotely while attempting to remain undetected. The backdoor may take the form of an installed program (e.g. Back Orifice), or malware could modify existing software on the computer creating a backdoor that way.

Bad Actor: refers to someone who attempts to infiltrate systems and data banks with malicious intent. Criminal hackers, cybercriminals, social engineers and Internet scam artists fall under this category.

Best Practice: a method or technique that consistently shows results that are superior to those achieved by other means.

Bitcoin: a digital currency (also called ‘cryptocurrency’) that is not sponsored by any country’s central bank or government but can be traded for goods or services with vendors and other individuals who accept them as payment.

Blocklisting: a technology that prevents items specifically appearing on a related blocklist from being executed or delivered. For example, an application control program can prevent a blocklisted program from executing or a spam blocklist can prevent email from a blocklisted domain from being delivered.

Bluetooth: a short-range radio technology (or wireless technology) that simplifies communications between devices and a computer or another device.

Botnet: a botnet (short for robot network) is a number of Internet-connected devices, each of which is running one or more bots autonomously. Also called a ‘bot army’, botnets can be used to bring down a network, send spam or access a device and its connections to steal confidential data, which is then sent back to the botnet command and control (C&amp;C) servers. They are managed by a ‘Bot herder’ or ‘Bot master‘, who targets other systems with the botnets they control.

Bring Your Own Device (BYOD): the policy of allowing employees to use their personal devices such as laptops, tablets and smartphones for work.

Business Email Compromise (BEC): a  spear phishing attack that utilises a compromised or mimicked email address of an executive to request a wire transfer of funds or other sensitive info. One common type of BEC is CEO Fraud.

Call-to-Action: words that urge the viewer or listener of a sales promotion message to take an immediate action, such as ‘Write now’, ‘Call now’ or (on the Internet) ‘Click here’.

CEO Fraud: a spear phishing attack that targets people in the accounting department, in which the hacker claims to be the CEO (or another executive) and urges an employee to transfer large amounts of money.

Certificate: an electronic ‘password’ that allows a person or organisation to exchange data securely over the Internet using the public key infrastructure.

Chief Executive Officer (CEO): the highest-ranking person in an organisation or other institution, who is ultimately responsible for making managerial decisions.

Chief Financial Officer (CFO) / Chief Financial and Operating Officer (CFOO): a corporate officer primarily responsible for managing the organisation’s financial risks, financial planning and recordkeeping, and financial reporting to higher management.

CIA Triad: an Information Security model designed to guide policies for information security within an organisation; equal parts confidentiality, availability and integrity. ‘Confidentiality’ is a set of rules that limits access to information. ‘Integrity’ is the assurance that the information is relevant, accurate and trustworthy. ‘Availability’ is a guarantee of ready access to the information by authorised people only.

Classified Information: sensitive information to which access is restricted by law or regulation to particular groups of people.

Clickbait: an eye-catching link or controversial story on a website which encourages people to read on. Can also be used to get users to click on links to malware.

Clickjacking: clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is ‘hijacking’ clicks meant for their page and routing them to another page, most likely owned by another application, domain or both.

Client (Computing): any device on a network that can obtain information from a server. For example, a web browser accessing the Internet.

Cloud: the computer resources where an individual or organisation can store and access files, and run computer programs remotely over the Internet.

Compliance: the goal that organisations aim to achieve by adhering to relevant laws, policies and regulations specific to their industry. In the context of Internet security, compliance means having an Information Technology (IT) environment that meets the regulations of the industry in which an organisation operates. An example of compliance standards would be Payment Card Industry Data Security Standard (PCI DSS).

Controlled Unclassified Information (CUI): information the US federal government owns or has created that needs to be safeguarded and disseminated using only controls consistent with government laws, regulations and policies.

Credential hygiene: credential hygiene is the anticipation, recognition, evaluation, control, and prevention of hazards that might occur if credentials are compromised.

Credentials: a user’s authentication information, such as their username and password.

Crimeware: malware intended to steal money from an individual or financial institution.

Crimeware-as-a-Service (CaaS): the process of paying for a crimeware service (such as ransomware or phishing campaigns) instead of developing one’s own.

Cryptographic: of, relating to, or using cryptography, which is the process of converting ordinary information (called plaintext) into unintelligible text (called ciphertext). A cipher (or cypher) is a pair of algorithms used to create the encrypted ciphertext and the reversing decryption.

Cybercrime: crimes that target computer networks or devices and their users directly. Examples include malware, denial-of-service attacks via botnets and spear phishing.

Cybercriminal: an attacker who uses technology to steal data, money or other sensitive information.

Cyberheist: an incident in which organised crime penetrates the network of an organisation and empties its bank accounts through the Internet. Also, the title of a book by KnowBe4’s CEO, Stu Sjouwerman.

Cyberterrorist: an attacker motivated by some ideology who tries to destroy computers, networks, physical infrastructure such as water plants and energy plants, and commercial infrastructures such as stock markets for the purpose of causing terror to further their cause.

Dark Web: the part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable.

Data Breach: the intentional or unintentional release of secure information to an untrusted environment. Other terms used include ‘unintentional information disclosure’, ‘data leak’ and ‘data spill’.

Data Controller: the party who decides the purpose and manner to be followed when processing data.

Data Processor: processes data on behalf of a data controller. Data processors hold and process data, but do not have any responsibility or control over that data.

Data Protection Directive: a directive adopted by the European Union (EU) in 1995 that protected the personal information of EU residents and was superseded by the General Data Protection Regulation (GDPR) in May of 2018.

Data Protection Officer: a data protection law expert, such as a lawyer or auditor, that acts as the single point of contact for all data processing notifications and reports to the highest level of management.

Data Subject: an individual who is the subject of personal data.

Decryption: the process of changing encrypted information into its original format.

Deepfake: a digital file manipulated by cybercriminals to make it seem like someone else is saying or doing something. Often used as a disinformation tactic.

Disinformation: false information intentionally created to deceive and mislead. Disinformation is often forwarded to friends and family, which is then commonly referred to as misinformation.

Disk Image (DMG) File: the file format used by the Mac OS X operating system for distributing software.

Distributed Denial-of-Service (DDoS): an attempt to make a computer server unavailable to its intended users, by overwhelming it with requests for information. This can cause the server to crash, preventing it from functioning efficiently or at all. Using many systems for a DDoS attack allows more disruptive traffic to be sent, often making it easier to disrupt the legitimate service completely and harder for a victim to recover from the attack. Also called a denial-of-service attack (DoS attack).

Domain: a name used to identify one or more Internet Protocol (IP) addresses formed by the rules and procedures of the Domain Name System (DNS).

Domain Name: the part of a web address that tells you who the owner of that webpage is; for example, ‘KnowBe4’ is the owner of www.knowbe4.com.

Domain Name Registration: the act of reserving a name on the Internet for a certain period, usually one year. It is important to know that this domain will remain yours for as long as you renew it, and that there is no way to purchase a domain name forever.

Domain Name System (DNS): the Internet's system for converting alphabetic web addresses into numeric IP addresses. When a web address is typed into a browser, DNS servers return the IP address of the web server associated with that name. For example, the DNS converts the URL ‘www.company.com’ into the IP address 204.0.8.51. Without DNS, you would have to type the series of four numbers and dots into your browser to open the website.

Domains Triad: a security triad covering the three domains – cyber, physical and people – and how they all overlap in the battle against cybercrime.

Drive-by Download: the unintentional download of malicious software to your computer or mobile device, which leaves you open to a cyberattack. This happens without a user clicking on a link, pressing a download button or opening an attachment. It occurs in the background with no notification, just by visiting a particular webpage.

Email Account Compromise (EAC): a close relative of Business Email Compromise (BEC). The primary difference is that with EAC, criminals target individuals rather than businesses to initiate fraudulent wire transfers.

Email Domain: the web address that comes after the @ symbol in an email address.

Email Spoofing: a form of social engineering in which an email message is forged so that it looks like it’s coming from someone else, such as your CEO.

Embedded Hyperlink: a link that is shown visually as text rather than an actual URL. For example, the words ‘KnowBe4 homepage’ could be set as an embedded hyperlink leading to www.knowbe4.com.

Enable Content / Enable Macros: a button in a document/file that the user needs to click on to activate certain functions designed to automate tasks. Cybercriminals can use them for nefarious purposes.

Encrypt: the process of making data unreadable to unauthorised viewers. Before anyone can read encrypted text, it must first be decrypted. By encrypting sensitive data, you can reduce opportunities for criminals to steal sensitive information.

End-to-End Encryption: a system of communication where the only people who can read the messages are the people communicating.

Endpoint (Endpoint Device): any device that is connected to a data network. Desktop computers, laptop computers, printers, tablets and smartphones are all endpoints.

Exactis Breach: security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had exposed a database that contained close to 340 million individual records including very personal information on hundreds of millions of American adults, as well as millions of businesses.

Exploit: an attack on a computer system that takes advantage of a bug, glitch or vulnerability in other code in order to cause unanticipated behaviour, aiming to acquire access to the system.

External Media: storage devices that store information outside a computer.

Fake Profile: the representation of an entity on social media that does not truly exist. The person creates a profile with real or fake connections that look very convincing, all designed to trick you into ultimately taking an action that is not in your best interest.

Family Educational Rights and Privacy Act (FERPA): a United States federal law intended to protect certain education records of students, such as family information and disciplinary records.

Federal Energy Regulatory Commission (FERC): a United States federal agency that regulates the transmission and wholesale sale of electricity, natural gas and oil.

Federal Financial Institutions Examination Council (FFIEC): a United States council consisting of five banking regulators for the purpose of supervising financial institutions.

File Types: different types of computer files that have different extensions (the letters after the dot), for example, ‘.doc’, ‘.txt’ or ‘.pdf’.

Format: to prepare the chosen partition (part) on the drive (flash drive, hard drive or USB drive) by clearing all the data and setting up a blank file system.

General Data Protection Regulation (GDPR): a regulation that came into effect in May of 2018 and officially replaced the Data Protection Directive. It is a legal framework that applies to all organisations worldwide and sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).

Gramm–Leach–Bliley Act (GLBA): a United States regulation that sets the standards for how financial institutions handle the private information of individuals. Pronounced ‘glibba’. Also known as the Financial Modernization Act of 1999.

Hack: to use a computer to gain unauthorised access to files and information on another computer or a system of networked computers.

Hacker: a technically skilled computer expert who uses their technical knowledge to overcome problems. A criminal hacker is anyone who uses their hacking skills for illegal purposes.

Hash: a hash is a string or number generated from a string of text. The resulting string or number is a fixed length and will vary widely with small variations in input. The best hashing algorithms are designed so that it's impossible to turn a hash back into its original string.

Health Insurance Portability and Accountability Act (HIPAA): enacted by the United States Congress and signed by President Bill Clinton in 1996, it is a standardisation that regulates the protection of individuals’ private health information.

Hijacked: the process whereby an attacker takes control of an established connection while it’s in progress. The attacker intercepts transmissions and responds to them with false information.

Human Firewall: a  protective cybersecurity layer which is formed when all users recognise their role in keeping their organisation secure, and are trained to a point where they do not fall for any social engineering tricks. Security awareness training provides a crucial benefit by training users on how to prevent malicious activity and what to do in the event of such activity.

Hyperlink: text or objects in webpages, documents and emails that you can click on to display another webpage, document or a place in a document.

HyperText Markup Language (HTML): a programming language that tells your browser how to display the webpage and how it should behave when you view it. It is now used to create most websites, with each containing many HTML files (webpages) that link to each other and also to other pages on the Internet. HTML was created by Tim Berners-Lee when he invented the Web.

Hypertext Transfer Protocol (HTTP): the communication protocol used to connect to web servers on a network; the agreed-upon way information is formatted and transmitted over the World Wide Web. HTTP’s most important task is to define how web browsers should request and display data from websites, ensuring that all communication and exchange of information can occur on the Web.

Hypertext Transfer Protocol Secure (HTTPS): a set of rules for speedy retrieval and transmission of electronic documents over a secure connection. In the beginning, HTTP was adopted as the way information was exchanged over the Web, but once everyone knew how to exchange information, intercepting the exchanged information was easily figured out. The problem of keeping that information private was solved using HTTPS.

Identification Number: a number used by the governments of many countries as a means of tracking their citizens, permanent residents and temporary residents for the purposes of work, taxation, government benefits, health care and other government-related functions. Examples include ‘national insurance number’, ‘national identification number’ or ‘national identity number’.

Identity Theft: taking someone else’s identification number, date of birth, address and other important personal information to establish false credentials and commit fraud. An example would be a cybercriminal creating fraudulent credit card accounts and then racking up charges which are left unpaid, leaving the victim with the credit card debt and a ruined credit rating.

Incident Reporting: the process by which security events of any type are reported – often a part of an organisation’s policy.

Incident Response: the method by which an organisation responds to a security event, such as a breach involving a hacker who has penetrated the organisation’s network defences. An incident response plan details how to handle every type of compromise and establishes a set of protocols – a step-by-step policy – to mitigate further damage and increase the success of a timely recovery.

Information Security: the protection of information and information systems from unauthorised access, use, disclosure, disruption, modification, inspection, recording or destruction.

Information Technology (IT) Security Policy: the rules that a user must follow to keep themselves and their organisation safe from threats.

Information Workforce: the total pool of information workers; people who use information to assist in making decisions or taking actions, or people who create information that informs the decisions or actions of others.

Insider Threat: a threat to an organisation that comes from a person (or people) inside the organisation itself. This could be a current or former employee, contractor or vendor, or a close business associate who possesses sensitive organisational information that could be used maliciously to harm the organisation.

Internet: a global computer network of billions of interconnected devices.

Internet Protocol (IP) Address: similar to the street address for your home, IP addresses identify network computers. Similar to the street address for your home but for identifying network computers, it helps traffic flow between computers because each has its own unique address. An IP address is formatted as a series of four values separated by full stops: 172.16.254.1

Internet Security: the branch of computer security (which also includes mobile devices) that deals with internet-based threats.

iOS: an operating system used for mobile devices manufactured by Apple Inc. Both iPads and iPhones are iOS devices.

Jailbreaking: a device hack that provides users with unrestricted access to the entire file system of their mobile devices. While jailbreaking makes your device more open and gives you complete control over it, it may then be more vulnerable to attacks.

Java Exploit: a malicious application that allows hackers to remotely access your computer, letting them change files, steal personal information and install more unwanted software. Called a ‘Trojan horse’, this kind of threat must be sent to you by someone or carried by another program.

Kevin Mitnick: known as the ‘World's most famous hacker’, he is a very successful Fortune 500 security consultant, as well as part-owner and Chief Hacking Officer of KnowBe4. Based on his 30+ years of first-hand experience with hacking and social engineering, Kevin helped KnowBe4 to create its security awareness training.

Keylogger: a small bit of malware that logs what someone types on their keyboard and records the keystrokes in a special file called a keystroke log. Also known as a ‘keystroke logger’.

Link: a connection from a website, file or document that points to another location and is activated when you click on it.

Macros: a list of commands or instructions, usually text-based, that are grouped and can be run as a single command, which would allow you to create shortcuts to tasks that you repeatedly do in programs such as Microsoft Word, Excel and PowerPoint. Hackers exploit macros by convincing you to enable them in order to access your computer and run malware.

Malware: short for ‘malicious software’. An umbrella term used to refer to a wide range of viruses, worms, Trojans and other programs that a hacker can use to damage, steal from or take control of endpoints and servers. Most malware is installed without the infected person ever realising it.

Many Lives Triad: a concept that covers how information security exists in three areas of our lives (personal, professional, mobile) and how those lives continuously overlap.

Material Risk: material Risk means a capital-related adverse risk that significantly impacts an organisation’s overall risk profile and may affect its capital adequacy.

Media Drop: a technique used by hackers in which malware is loaded onto a USB drive, CD/DVD or another readable form of media, which is then left where it can easily be found or, in some cases, given away at public venues or trade shows. Once the victim loads the drive or disk, the malware does its work and will allow the hacker to commit attacks.

Misinformation: false or inaccurate information, especially that which is deliberately intended to deceive. Often forwarded to friends and family, not knowing that it is false.

Network: a set of computers connected for the purpose of sharing resources. The most common resource shared today is connection to the Internet.

Network Drive: data storage on a network that is not on the computer itself. Windows computers usually have drive C: as the local hard disk, but drive F: can also be a network drive where files are stored.

Network Sniffer: a device and/or software tool that monitors, or sniffs out, the data flowing over computer network links in real time.

North American Electric Reliability Corporation (NERC): a regulation whose mission is to ensure the reliability of the North American bulk power system.

OAuth: short for ‘open authentication’. An authentication standard that allows you to approve one application interacting with another on your behalf without giving away your password.

Open Web Application Security Project (OWASP): a worldwide, not-for-profit charitable organisation focused on improving the security of software.

Passcode: a string of characters that are entered to gain access to such things as a computer or smartphone.

Password Manager: software that generates and stores all logins and passwords using one master password, thereby eliminating the need for the user to remember multiple logins and passwords. It can be synced across multiple devices, and most come with autofill and auto-login capabilities on websites.

Patch: a set of changes to a computer program designed to update, fix or improve it (i.e. fixing security vulnerabilities discovered after a product was released for general use). A computer is ‘patched’ when it has had the latest patches installed.

Payment Card Industry Data Security Standard (PCI DSS): a standard created to increase controls around cardholder data to reduce credit card fraud.

Personal Data: any information relating to an identifiable person, such as a name, an identification number, location data or an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.

Personal Health Information (PHI): all recorded information about an individual that relates to that person’s health, healthcare history, provision of health care to the individual or payment for healthcare.

Personally Identifiable Information (PII): any information such as an individual’s name, identification number, date and place of birth, mother’s maiden name and biometric records that can be used on its own or with other information to identify, contact or locate a single person.

Phishing: the process by which cybercriminals try to trick you into giving out sensitive information or taking a potentially dangerous action, such as clicking on a link or downloading an infected attachment. They do this using emails disguised as contacts or organisations that you trust, so that you react without thinking first. It’s a form of criminally fraudulent social engineering.

Policy: a set of rules that specify what requirements must be met.

Pop-up: a (usually small) window that suddenly appears on a user’s computer screen.

Pretexting: a form of social engineering in which an individual creates an invented scenario to persuade a targeted victim to release information or perform some action. Pretexting can also be used to impersonate people in certain jobs and roles, such as technical support or law enforcement, to obtain information.

Privilege: the right of an account, such as a user or group account, to perform various system-related operations on the local computer, such as shutting down the system, loading device drivers or changing the system time.

Privileged Access: when an account, such as a user or group account, is granted permission to perform various system-related operations, such as shutting down the system, loading device drivers or changing the system time.

Privileged User: a user who, by virtue of function and/or seniority, has been given powers within the computer system, which are significantly greater than those available to the majority of users.

Processing: in the context of data protection laws and regulations, processing means any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.

Proven Practice: different from a best practice, in that a best practice is context-dependent and might not be ‘best’ in all cases, whereas a proven practice has been tried and proven to be effective in most cases.

Public Wireless Network: a wireless network in a public area that anyone can use.

QR (Quick Response) Code: a type of barcode consisting of small black and white squares arranged into a larger square. They can store long strings of data, such as web addresses, and can be scanned using the camera on a mobile device.

Quarantine: a function of antivirus software that isolates infected files on a computer's hard disk so that they are no longer capable of infecting their hosting system. The infected files can then either be deleted, or restored in the event that they were not malicious.

Radio-Frequency Identification (RFID): a way to store electronic information on a badge, tag, card or document that an RFID reader can read.

Ransomware: a type of malware that holds a computer hostage by blocking access, encrypting files or threatening to reveal sensitive data until a ransom is paid.

Red Flag: a warning of danger or a problem.

Remote Access Trojan (RAT): a piece of malware that hides in a computer and gives remote access to a cybercriminal who then controls (and really ‘owns’) your computer.

Responsible party: a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.

Root: the name for the administrator or superuser role on a Linux/Unix-based system, including macOS.

Rootkit: a collection of files that is installed on a computer system to alter the standard functionality of the system in a malicious and stealthy way.

SarbOx: a United States regulation intended to protect investors from the possibility of fraudulent accounting activities by corporations. Short for the ‘Sarbanes-Oxley Act of 2002’.

Security Awareness Training: training that raises a user's awareness of potential security threats and how to avoid them. General security awareness training topics include best security practices, what to do if they encounter a security problem, and who to contact regarding security threats.

Sensitive Information: privileged or proprietary information which, if compromised through alteration, corruption, loss, misuse or unauthorised disclosure, could cause serious harm to the organisation that owns it. NOTE: For our purposes, the words ‘sensitive’, ‘confidential’ and ‘private’ all mean essentially the same thing.

Server: a computer that delivers data and services to other computers on a network. Servers can run software and store information. For example, web pages are stored on servers.

Short Message Service (SMS): a type of messaging common to most mobile phones, that allows users to send a message of up to 160 characters to another device. Commonly referred to as a ‘text message’.

Shoulder Surfing: the practice of physically spying on a user, usually by watching over their shoulder, to obtain their personal access information while they log in to an ATM, computer or other electronic device.

Smishing: phishing that occurs through text messaging. Short for ‘Short Message Service (SMS) phishing’.

SMS Spoofing: tricking or deceiving phone messaging systems or users by sending messages from a fake phone number or faking another user's phone number. As people are much more likely to read a message from a number that they know, hackers will often spoof numbers to trick recipients into taking an action that they would not usually take.

Social Engineering: the act of manipulating people into performing actions or divulging confidential information. Someone who attempts to do this is referred to as a ‘social engineer’.

Spam: unsolicited, unwanted email. About 70–90 per cent of email is spam.

Spear Phishing: a small, focused, targeted attack via email on a particular person or organisation with the goal of penetrating their defences. The spear phishing attack is done after research on the target and has a specific personalised component designed to make the target do something against their own interest.

Spoofing: tricking or deceiving computer systems or other computer users. This is typically done by hiding one’s identity or faking the identity of another user on the Internet. Email spoofing involves sending messages from a fake email address or faking the email address of another user. As people are much more likely to read a message from an address that they know, hackers will often spoof addresses to trick the recipient into taking an action that they would not normally take.

Spyware: an umbrella term for many ‘families’ of malicious software that send a computer user’s confidential data back to cybercriminals. Some examples of spyware are Trojans, adware and malicious toolbars.

Tailgating: a method used by social engineers to gain access to a building or other protected area. A tailgater will usually attempt to wait for an authorised user to open and pass through a secure entry point so that they can follow behind them.

Technical Vulnerabilities: a weakness in software or hardware that leaves a system open to attack.

Threat Landscape: the methods used by cybercriminals to break into your device and your organisation's network.

Torrent Sites: technology used to distribute files over the Internet. Torrent sites are used to share pirated films, music and other copyrighted files. A ‘torrent’ is short for ‘BitTorrent’.

Tradecraft: a set of techniques that hackers and social engineers use to gain illegal access to hardware or software, or to deceive humans.

Trigger: a condition that causes a virus payload to be executed, usually occurring through user interaction (e.g. opening a file, running a program or clicking on an email file attachment).

Trojan Horse: deriving its name from the Trojan Horse of Greek mythology, a program that masquerades as safe, hiding its true malicious intent, tricking an unsuspecting user into running or executing it. Once executed, it can allow cybercriminals to run their software on your computer. Common types of trojans are ransomware programs, credential theft and keyloggers.

Trojan Listener: a piece of malware that sits on the command-and-control server of a hacker and waits for an infected computer to ‘call home’ to it. It listens for the Trojan to call in.

Uniform Resource Locator (URL): the address of a resource on the Internet. When you type a web address (such as www.knowbe4.com) into your browser’s address bar, your browser translates that URL into an Internet Protocol (IP) address, such as 209.80.210.10 and takes you to the appropriate webpage.

Universal Serial Bus (USB) Drive: a storage device often used for penetration tests that can have malware on it that may expose a network to an attacker. It can also be called a ‘thumb drive’ or ‘flash drive’.

Vendor Email Compromise (VEC): a variety of Business Email Compromise (BEC) attack, by which attackers gain access to email accounts at a company in the supply chain, and then use the accounts to target that company’s customers.

Virtual Private Network (VPN): a technology that creates a safe connection over a less secure network, such as the Internet. VPN technology was developed to allow remote users and branch offices to access corporate applications, email and other resources securely.

Virus: a computer virus copies itself to another computer and infects files on that computer. Sometimes also referred to as a ‘file infector’ or ‘file virus’.

Vishing: phone-based social engineering, also sometimes referred to as ‘voice phishing’. Like phishing, vishing is when the hacker calls or leaves you voice messages and tries to con you into surrendering confidential information.

Web Browser: a software program that requests and retrieves information from websites. Also known simply as a ‘browser’. To keep it simple, when you type a web address such as www.knowbe4.com (also called a ‘URL’ or ‘Uniform Resource Locator’) into your browser’s address bar, your browser translates that URL into an Internet Protocol (IP) address (the address of a server on the Internet somewhere). The server that hosts that webpage then sends it to your browser. Examples include Google Chrome, Mozilla Firefox, Microsoft Edge or Safari.

Web Portal: the website of an organisation that allows you to perform certain functions, such as paying bills or other tasks.

Whaling: phishing attacks that target high-ranking executives at major organisations or other highly visible public figures. Also known as whale phishing.

Wi-Fi: a facility allowing computers, smartphones or other devices to connect to the Internet or communicate with one another wirelessly within a particular area.

Wi-Fi Hotspots: a physical location that offers wireless Internet access.

Wi-Fi Pineapple: a hacking device that advertises a false access point name such as BT Wi-Fi. The Wi-Fi Pineapple has two radios: one for you to connect to, thinking that it is BT Wi-Fi, and one that connects to the real BT Wi-Fi, so the device sits in the middle between you and the real BT Wi-Fi access point and sees and records everything that you do while you are online.

Wireless Access Point: a device that allows wireless devices to connect to a wired network using Wi-Fi.

World Wide Web (WWW): a collection of websites filled with information. These websites are searchable and connected to each other by links. Called ‘The Web’ for short.

Worm: a stand-alone malware software program that replicates itself quickly so that it can spread to other computers.

Zero-Day Attack: a computer threat that tries to exploit vulnerabilities that are unknown to others, undisclosed to the software vendor or for which no security fix is available. Also known as a ‘zero-day threat’.

Zero-Day Exploits: actual code that can use a security hole to carry out an attack. Used or shared by attackers before the software vendor knows about the vulnerability.

Zombie: a computer that has been compromised by a hacker, virus or Trojan Horse program and used to perform malicious tasks under remote direction.

---

Back to the top

 

Related content

Cyber Security SharePoint site

Security Awareness Training with KnowBe4