Learn the Basics of Cybersecurity Education and Terminology

Good cybersecurity practices are proactive, not reactive. Better understand the cybersecurity landscape so you can better protect yourself and your business.

Data breaches aren't a matter of if, but when

Your digital life has grown exponentially over the last several years. So have cyber-related risks.

82% of breaches are caused by a human element, such as the use of stolen credentials or phishing.¹

$10 trillion: the minimum estimated cost of cybercrime damage in 2025.²

Stay ahead of the curve with cybersecurity education

There are four critical pathways into your estate: Credentials, Phishing, Exploiting vulnerabilities, and Botnets.¹ All four are pervasive throughout the DBIR's findings, and no organization is safe without a plan to handle each.

It’s important that you and your business understand the basic terminology around data breaches and hacks. Doing so helps you identify the warning signs of a breach and lets you inform others of the risks to avoid. Moreover, businesses can use this knowledge to communicate with customers clearly and promptly if a compromise ever occurs.

Understanding hacks – and how they’re talked about

Are you a consumer who’s unsure what a business is saying when notifying you of a past breach? Are you a business that wants to effectively communicate with your customers in the event of organizational data being compromised?

It’s important to realize that these terms are regularly misused; people often refer to any security incident as a hack. As a best practice, review the details you'll communicate to others, and always get your information from a reliable publication.

Tip: look to the company or organization involved first and foremost for statements, blogs, information, and more as your source of truth.

Here’s the common attack terminology you should know:


Hacker/Attacker

An unauthorized user who attempts to gain access to an information system – the network where users create, share, and distribute information from their devices.


Attack

Any malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information or information system resources.


Hack

An attempt to exploit an information system, computer system, private network, or device by using stolen credentials.

Common types of cyberattacks

  • Credential stuffing: the next step following a brute force attack, in which someone who already has an account’s username and password tries that pair on as many other sites, apps, etc. as possible. This is the risk of reusing a password: if one of your accounts is breached, the rest are vulnerable.
  • Basic web application attacks (BWAA): attacks that directly target an organization's most exposed infrastructure, such as web servers.
  • Phishing: a form of fraud in which a bad actor masquerades as a reputable entity or person in email or other forms of communication; variants include smishing (text or SMS) and vishing (voice call).
  • Ransomware: a form of malware designed to encrypt files on a device, rendering those files and the systems that rely on them unusable. Ransomware has continued its upward trend with an almost 13% increase, a rise as big as the last five years combined.¹
  • Social engineering: the act of deceiving an individual into revealing sensitive information, granting unauthorized access, or committing fraud by building a relationship with the individual to gain their confidence and trust.
  • Supply chain attack: an attack in which the adversary uses implants or other vulnerabilities inserted before installation to exfiltrate data or manipulate information technology hardware, software, operating systems, peripherals (information technology products), or services at any point during their life cycle.

Once again, it's important to note the differences between these terms. Always go to the source of the information to see how they are communicating and with what terminology, so you can better understand the potential impact and next steps.

Cyberattacks may cause panic, but you can find power in knowing the correct terminology and how to use and comprehend it.³

Create a cybersecurity strategy

The best thing your business can do is to take the cybersecurity education you’ve gained and put it into action by creating a proactive plan. Your business can get started by implementing some of the following security measures:

  • Use a different, unique, and complex password for every online account you create.
  • Turn on multifactor authentication (MFA) for services like your email, social media, online banking, work-related apps, etc.
  • Use data breach monitoring to watch for your credentials online, so that any compromised credentials are flagged and changed as soon as possible to avoid additional breaches.
  • Be proactive about the common signs of an attempted cyberattack: do not click on links from people you don’t know, do not open misspelled websites, and do not engage with emails that are poorly written or come from unknown addresses.
  • Run antivirus, endpoint protection, or antimalware software.
  • Regularly update your apps and operating systems (OS) so your software stays current.
  • Regularly back up your critical data, either locally or to the cloud, so you have an additional copy of your sensitive data in a safe place.

Sources used in this article

  1. 2022 Verizon Data Breach Investigations Report (DBIR)
  2. Secureworks Boardroom Cybersecurity Report
  3. NIST Computer Security Resource Center

Learn how LastPass protects your data against bad actors, poor password habits, and more

What if LastPass has a security incident, or gets hacked?

LastPass operates on a zero-knowledge security model. Zero-knowledge means that no one has access to your decrypted Master Password, vault or vault data except you. To ensure that only authorized access is granted to your vault, we use industry-standard mechanisms, such as AES-256 encryption and PBKDF2 hashing plus salting, to keep your Master Password safe.
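As an added illustration, not LastPass's own code and not a description of its actual implementation, the following shows how PBKDF2 with a per-user salt separates the key that encrypts a vault (kept on the device) from the value a server stores for login; the iteration count, salt length and the extra verifier round are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters, not stated on the page: PBKDF2-HMAC-SHA256 with a
# 16-byte random salt, 600,000 iterations and a 32-byte (256-bit) output,
# which is the key length AES-256 expects.
SALT_LEN = 16
ITERATIONS = 600_000
KEY_LEN = 32


def derive_vault_key(master_password: str, salt: bytes,
                     iterations: int = ITERATIONS) -> bytes:
    """Client side: stretch the master password into the 256-bit key that
    would encrypt the vault. In a zero-knowledge design this key never
    leaves the device. The salt makes equal passwords yield different keys."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def derive_login_verifier(vault_key: bytes, salt: bytes) -> bytes:
    """Client side: one more PBKDF2 round over the vault key gives a separate
    value to present at login, so the server can check the password without
    ever holding the vault key itself (assumed design, for illustration)."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, salt, 1, dklen=KEY_LEN)


def client_login_material(master_password: str, salt: bytes,
                          iterations: int = ITERATIONS) -> tuple:
    """Everything the client computes from the master password: the vault
    key it keeps locally and the verifier it sends to the server."""
    key = derive_vault_key(master_password, salt, iterations)
    return key, derive_login_verifier(key, salt)


def enroll(master_password: str, salt: Optional[bytes] = None,
           iterations: int = ITERATIONS) -> dict:
    """Build the per-user record the server stores: salt, iteration count
    and verifier. The password and the vault key are deliberately absent."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    _, verifier = client_login_material(master_password, salt, iterations)
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def server_check(record: dict, presented_verifier: bytes) -> bool:
    """Server side: compare the presented verifier with the stored one in
    constant time; the server never sees the password or the vault key."""
    return hmac.compare_digest(presented_verifier, record["verifier"])
```

A practical consequence shown here: a stolen server record contains the verifier and salt only, so an attacker still has to run the full PBKDF2 work per guess, and the encrypted vault cannot be opened without the key that stayed on the device.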

LastPass also protects its infrastructure by regularly upgrading systems and using redundant data centers across the globe to reduce the risk of downtime or a single point of failure. LastPass is market-tested and trusted by over 100,000 companies, including Fortune 500 and leading tech enterprises.

What are you doing to prevent LastPass from being hacked, ensuring my data is secure?

LastPass customers are protected through LastPass’ zero-knowledge security model, in which LastPass – by design – does not have access to your Master Password, vault, or vault data. This is an industry standard that all password managers should adhere to. In addition, LastPass implements several best practices to further protect you and your data, including but not limited to:

  • Certified compliance, such as SOC 2 Type II, SOC3, BSI C5, APEC CBPR and PRP Privacy Certification, TRUSTe Enterprise Privacy Certification, GDPR, and ISO/IEC 27001:2013.
  • Audits and Penetration Tests: LastPass employs trusted, world-class, third-party security firms to conduct routine audits and testing of the LastPass service and infrastructure.
  • Bug Bounty Program: LastPass welcomes and partners with security researchers to ensure continuous improvement.

How will I know if LastPass has been hacked or if an incident has occurred?

LastPass values transparency in its incident response procedures, meaning you’ll receive honest and timely communication. Communication with users will depend on the incident; those of the highest priority will include emails, blog posts, and social posts. Earning trust from our community is rooted in the ability to communicate effectively.


Security Hub

LastPass will always be transparent with customers. Explore your reference to all of LastPass’ proactive security standards and practices.


Zero-Knowledge Security Model

LastPass is built with zero-knowledge security as a core feature to protect your vault – passwords, notes, and more – at all costs.


Technical White Paper

Read about the technical and organizational measures in place at LastPass.


Breaches happen every day. Protect yourself with LastPass.

Free 30-day LastPass Premium trial and 14-day Business trial. No credit card required.