Cybersecurity can feel overwhelming if you don’t live in the IT world, but understanding the language is the first step to protecting your organization.
As cyberattacks become more frequent and costly, public and affordable housing organizations are increasingly at risk, some spending hundreds of thousands, even millions, to recover from a breach.
Following a sharp rise in ransomware attacks across the U.S. in 2021, there was a brief dip in 2022. But in 2023, ransomware came roaring back, reaching unprecedented levels. The outlook for 2024 and beyond suggests housing organizations must stay alert and informed.
We’ve broken down 15 essential terms to help you navigate the cybersecurity landscape with more confidence.
A type of insurance that protects against cyber-related risks such as data breaches, cyberattacks, and other cyber-related events. Cyber liability insurance policies can include first- and third-party coverage options.
First-party coverage is designed to protect the insured organization against losses that result directly from a cyberattack or security breach.
Third-party coverage is designed to protect the insured organization against liability claims made by third parties as a result of a cyberattack or security breach.
A type of cyberattack in which an attacker gains access to a company's email system or email account and uses it to trick employees, customers, or vendors into transferring funds or sensitive information.
In a BEC attack, the attacker often poses as a high-ranking executive, a trusted vendor, or a supplier and sends emails that appear to be legitimate requests for payments, wire transfers, or changes to account information. The emails often contain urgent language and request that the recipient take immediate action without consulting with other employees or managers.
BEC attacks can be persuasive and often use social engineering techniques to gain the victim's trust. They can result in significant financial losses for the targeted company and damage its reputation and trust with its customers and partners.
Cybersecurity awareness training educates employees on recognizing and responding to cyber threats, such as phishing, malware, and social engineering attacks. This training aims to reduce human error, a leading cause of security breaches, by promoting best practices like identifying suspicious emails and safeguarding sensitive information. Regular training sessions help create a security-conscious culture within organizations.
A data breach is a security incident where unauthorized individuals access, steal, or disclose sensitive, confidential, or protected information. Breaches can result from cyberattacks, human error, or system vulnerabilities and may lead to identity theft, financial loss, and reputational damage. Protecting against data breaches involves implementing robust security measures and prompt incident response plans.
A cybersecurity technology designed to detect and respond to security threats on individual devices, such as desktops, laptops, and mobile devices. EDR solutions typically use a combination of behavioral analytics, machine learning, and threat intelligence to monitor endpoint devices for suspicious activity, such as unusual network traffic or attempts to modify critical system files. EDR is among the recommended security measures organizations can implement to help increase the chance of securing a cyber liability insurance policy.
Invoice fraud involves deceptive tactics where attackers trick organizations into paying fraudulent invoices. This can occur through impersonation of vendors, alteration of legitimate invoices, or submission of fake billing documents. Such schemes can lead to significant financial losses and are often facilitated by phishing or compromised email accounts.
Short for malicious software, malware is any software designed to harm, exploit, or otherwise compromise a computer, network, or user. Malware can come in many forms, including viruses, spyware, and ransomware, and can be delivered through infected email attachments, fake websites, or software downloads.
One of the most damaging types of malware is ransomware, which encrypts a victim's files or systems and demands payment (a ransom) to unlock them. Ransomware attacks are especially dangerous for housing organizations because they can halt operations, lock staff out of vital records, and even expose sensitive resident information.
A security measure that requires two or more forms of authentication to verify a user's identity, making it more difficult for attackers to gain unauthorized access to systems. MFA is among the recommended security measures organizations can implement to help increase the chance of securing a cyber liability insurance policy.
A passkey is a modern, secure alternative to traditional passwords. Instead of typing a password, users authenticate using a biometric method (like a fingerprint or facial recognition) or a device PIN. Behind the scenes, passkeys use cryptographic technology to verify identity without ever transmitting a password, making them much harder to steal or hack. Passkeys are phishing-resistant and often easier to use than complex passwords.
A passphrase is a longer, sentence-like string of words used for authentication. Unlike traditional passwords, passphrases are typically easier to remember and harder to crack due to their length and complexity. For example, "Sunshine walks in autumn leaves" is more secure than a short, complex password like "S!n$3t". Passphrases enhance security by increasing entropy, making them more resistant to brute-force attacks.
A password manager is a secure software application that stores and manages your login credentials in one place. It helps generate strong, unique passwords for every account, reducing the risk of password reuse, a common security vulnerability.
Many password managers also include features like password strength analysis, secure sharing, multi-factor authentication, and encrypted storage for sensitive data such as credit card details and personal notes.
A penetration test, or "pen test," is a simulated cyberattack conducted by security professionals to identify and exploit vulnerabilities in a system. The goal is to assess the effectiveness of security measures and uncover weaknesses before malicious actors can exploit them. Penetration testing is a proactive approach to strengthening an organization's cybersecurity posture.
Social engineering is a type of cyberattack that relies on human interaction rather than technical hacking tools. Instead of breaking into systems with code, attackers trick people into handing over confidential information, like passwords or financial details, or into performing actions that compromise security.
A common form of social engineering is phishing, where attackers send emails or messages that appear to come from a trusted source (like a bank, coworker, or vendor) to lure recipients into clicking malicious links or providing sensitive information.
For housing organizations, social engineering attacks can lead to unauthorized access to resident data, fraudulent wire transfers, or the installation of malware on internal systems.
A vulnerability assessment is a cybersecurity check-up that scans your systems, networks, and software for known weaknesses, like outdated programs or misconfigured settings, and ranks them by risk. Unlike a penetration test, which simulates a real-world attack to exploit vulnerabilities, a vulnerability assessment identifies and prioritizes potential issues so you can fix them before attackers find them.
A security model that assumes no user or device can be trusted by default and requires strong authentication and authorization for all access to systems and data, regardless of whether the user is inside or outside the network perimeter.
Understanding cybersecurity vocabulary is just the beginning. The more you know, the more proactive and protected your housing organization can be. Encourage ongoing staff training, ask questions during cybersecurity discussions, and be proactive about reporting suspicious activity. Cybersecurity is everyone’s responsibility, and with knowledge comes the power to protect.
This article is for general information only. HAI Group® makes no representation or warranty about the accuracy or applicability of this information for any particular use or circumstance. Your use of this information is at your own discretion and risk. HAI Group® and any author or contributor identified herein assume no responsibility for your use of this information. You should consult with your attorney or subject matter advisor before adopting any risk management strategy or policy.