Stay safer online by leveling up your cybersecurity vocabulary

There will be a test. (There won’t, but you’ll be smarter.)
To protect yourself online, first you have to speak the language.

With so much talk of viruses, data breaches, and ransomware, you’d be forgiven for never wanting to set virtual foot online ever again. But in today’s connected world, avoiding the internet is pretty much impossible. That’s why it’s important to know exactly what you’re facing when you connect.

Still, according to the Pew Research Center, less than a quarter of us know what incognito or private browsing means, for example. But that’s nothing a little knowledge can’t fix.

So check your anxiety at the door by learning some key cybersecurity terms that will help you navigate the internet like a pro. When you’re done, you’ll be better equipped to deal with all the threats the wilds of the web can throw at you.


Cookies

Think of cookies as Hansel and Gretel’s crumb trail. Hopefully you won’t have to push anybody in an oven, though. David Nield

Besides being tasty snacks, cookies are small files lodged on your computer by most websites you visit. They tell the website specific details about you, like whether you’ve visited before, how you like to have the site set up (trending topics on a news site, for example), where in the world you are (to show you local weather or prices in the proper currency), and other information.

By themselves, cookies aren’t inherently dangerous or bad—they are there to make your experience easier and more seamless—and websites are only able to access the data they have gathered themselves. But that changes with so-called third-party cookies, which can potentially be used to log your browsing activity over multiple sites, and more effectively target you with advertising.

But don’t worry—most browsers now come with options to block third-party cookies (sometimes known as cross-site trackers), or to block cookies completely. You should be able to find these options in the settings page for your browser—with Apple Safari on macOS, for example, choose Safari, Preferences, and Privacy. From the resulting dialog box you can Prevent cross-site tracking or Block all cookies.


HTTPS

HTTP, or HyperText Transfer Protocol, is the standard for coding websites and displaying them inside browsers. HTTPS, meanwhile, is the safer version of it—with the “S” at the end standing for “secure”—and the adopted protocol of most sites that display personal information, such as your email provider and bank.

On a technical level, HTTPS runs extra checks to make sure the website you’re viewing is actually the one you intended to visit. It also means that all the data sent to and from that site is encrypted, so anyone who intercepts the traffic between you and an HTTPS site won’t be able to make sense of it.

HTTPS is usually indicated by a padlock symbol on the left side of your browser’s address bar, and you should check for it when you’re visiting any kind of site where you need to log in or provide payment information. The good news is that today, most sites use this protocol to keep their users safe, so it’s highly likely you’ll run into that padlock a lot.

Incognito mode

You’ll feel like a spy, but logging into Facebook in incognito mode doesn’t mean you’re anonymous. David Nield

All browsers today offer incognito or private mode, an option where your browsing history and website cookies aren’t logged. It will be as if you’re visiting a site for the first time, and your browser will have no record of you ever being there—as soon as you shut down an incognito window or tab, that browsing session never happened.

However, don’t overestimate the privacy you get with incognito mode. Unless you’re using a virtual private network (VPN), your internet service provider will still be able to see where you’re going on the web. And even though your browser will have no record of it, if you log into any site, like Amazon or Facebook, that site will know you’ve visited and may have made a record of what you did.

In other words, if you log in and spend an hour browsing Amazon in an incognito window, your browser will forget all about it, but Amazon won’t, so you might see advertising related to that session in the future.


Malware

You’ll see malware used as a catch-all term for various internet nasties—viruses, worms, Trojan horses, ransomware, and many other categories of threats. Essentially, it means malicious software—anything that’s designed with the express intention of causing damage or inconvenience.

As it is such a broad term, you’ll see it used extensively across the web. When you do, it’s worth trying to figure out exactly what kind of malware is being referred to, if any. It may do something as simple as change your browser’s default home page, or something as advanced as swiping sensitive financial data from your computer.

The best way to protect against malware is to keep your computer operating systems right up to date and make sure you have installed a robust set of security software tools.


Phishing

It’s good practice not to click on any links embedded in an email. Ever. David Nield

Phishing is a particular type of scam where the scammer will try to “fish” for your username and password. It usually happens when users click on a link on a text, instant message, or email that directs them to a compromised website designed to look like a genuine one. People who fall for phishing scams usually don’t see the difference between these sites and their bank’s site, for example, and provide their credentials thinking they’re logging into their accounts.

In times gone by, phishing emails would appear as badly formatted messages with a ton of errors and misspellings, making them easy to spot and avoid. Nowadays, they’re much more difficult to detect. Most modern browsers will detect suspect web links when you try to follow them, so it’s important to be on your guard, and keep your browser software up to date.

Most platforms have changed their protocols to avoid phishing, so now it’s rare for legitimate emails from your bank or sites like Amazon and Google to ask you to log in from a link in the message. Still, it’s good practice to be wary of any links sent to you over any platform, particularly when you don’t know the sender.

There’s more to be said about how to avoid phishing, and you can read a complete guide here.

Privacy policy

If you have any doubts about what a privacy policy is, know that it’s a contract between websites (or apps) and users that sets out how those platforms will use users’ data. Before you sign up for any new service, you should read through its privacy policy. For example, check out Google’s privacy policy, Apple’s, and Microsoft’s.

In these documents, you should find details about what types of data the platforms collect from you, and how that data is used—whether it’s shared with third parties, securely encrypted, stored in the cloud, or something else.

Unfortunately, privacy policies aren’t particularly easy to read (they’re usually long) or understand (they commonly use intricate legal terms), and their terms are generally as vague as possible to give tech companies and app developers room to maneuver. However, we’d still recommend scanning them for red flags (like unwarranted data collection), particularly when you’re signing up for new and lesser-known apps and sites.


Ransomware

Maybe that shady app you downloaded from your browser was not the best idea. Public Domain

Ransomware is a particular type of malware, one where systems get locked down and can’t be unlocked again until the victim has paid a ransom. This type of attack is difficult to get around, and can prove to be very lucrative for hackers.

Ransomware usually hits systems running old, badly protected software, so you can minimize the risk of getting hit by it by keeping your system software up to date. Also, be very cautious about anything you install on your smartphone or computer—it’s a good practice to only stick to the official Microsoft, Google and Apple app stores whenever possible.

Ransomware is another reason to make sure your important files and data are backed up somewhere else. If your system does get locked down by hackers, you’ll still be able to access your files without having to pay the specified ransom.

Two-factor authentication

Two-factor authentication is an extra layer of security for your online accounts, like Twitter or Google—it means you’ll need something else besides your username and password to log into a platform.

That something else is usually a code generated by an app on your phone, or sent to you via text message. Even if hackers get hold of your usernames and passwords, they won’t be able to log in without the codes on your phone. It doesn’t offer a 100 percent guarantee that you won’t be hacked, but it goes a long way to minimizing the risk.

You should enable two-factor authentication (2FA) everywhere it’s offered, and most online accounts now support it: Facebook, Twitter, Instagram, Google, Apple, Microsoft, Dropbox, and more.

If you want to know more about two-factor authentication, we’ve also got a detailed guide for you.

Virtual Private Network or VPN

Having a VPN is like traveling… only not. David Nield

A VPN is a piece of software that sits between your device (computer, tablet or mobile phone) and the internet. It places all your communications with the web inside an encrypted tunnel, which makes it much harder for anyone else to see what’s going on—whether that is your internet service provider or a coffee shop hacker.

Most VPN providers promise to delete browsing logs after they’ve disconnected you, but you still have to trust them to do so, since there are no guarantees. If you want to browse securely with a VPN, we’d recommend paying for a reputable service, particularly if you spend a lot of time on public Wi-Fi networks. If you’re considering getting one, That One Privacy Site is a good resource for starting your search.

But VPNs are not only about privacy. Because they connect you to an encrypted server somewhere in the world before you reach your final destination, another use of the software is to fool platforms into believing you’re in a different country—and that means being able to access geographically limited content, like the Netflix catalogue in France or even watch foreign TV at home.


Virus

Like a virus passed between humans, a computer virus can do some serious damage to systems, and jumps from host to host to spread its infection. The term is widely known, and is sometimes used interchangeably with malware—though to be precise, a virus is a particular type of malware.

A typical virus takes root on a system by tricking users into running malicious code, whether that’s via an email attachment, a pop-up in a web browser, or something else. Once in place, viruses can delete user data, replicate themselves and jump to other systems (usually via the installed email client), and open up back doors in systems for hackers to gain remote access.

Besides being extremely careful about what you download and install on your computer, you should keep macOS or Windows up to date. The Apple and Microsoft operating systems provide basic but effective antivirus protection, though there’s no harm in buying extra third-party software to batten down the hatches even further.