Cybersecurity alphabet soup: FTF, RDP, MFA (2FA), BEC, & SPF
This is part of an ongoing series covering common cybersecurity TLAs (three-letter acronyms) and terms that can seem incomprehensible. A related guide covers OSINT, IOC, TTP, and C2.
The security world is rife with TLAs (three-letter acronyms) and other terms that can seem incomprehensible. Even seasoned professionals struggle as different industries use the same acronyms to mean completely different things — IP to a lawyer is intellectual property, but to a network engineer, it’s the internet protocol.
To help clear up the confusion, we’ve compiled a list of common acronyms related to cybersecurity and cyber insurance, along with simple explanations and key takeaways to help you tackle these risks!
Funds Transfer Fraud (FTF)
FTF is a type of payment fraud used by attackers to steal money by manipulating payment mechanisms like invoices or wire transfers. Attackers socially engineer someone into making a payment or changing payment details like the destination account, often using email or phone calls.
These requests may come from sources that appear to be legitimate, such as an email from a known business partner whose email address was spoofed or an urgent phone call that necessitates an unusual transfer.
Security impact: The security breach here involves the social engineering attack and the resulting financial loss.
How to protect yourself: Defined procedures for handling payment changes are the primary defense, such as calling recipients on a known good number to confirm (never use the contact information provided in an email requesting a change). Verification procedures like defined two-party approval for transfers or required reviews for payment detail changes also help combat the issue.
Learn more: Read about FTF in the Coalition Learning Center.
Remote Desktop Protocol (RDP)
RDP, which allows a user to connect to a Windows computer remotely and control it as if they’re sitting in front of the screen, is a security nightmare.
RDWeb provides the same functionality but allows the user to connect using a standard web browser. RDWeb introduced some security benefits but has suffered several security failings and remains strongly correlated to the likelihood of a cyber attack, as we’ve seen in recent cyber claims.
Security impact: RDP is subject to a variety of attacks, including the ability for RDP connections to be intercepted and the ability to get a remote computer to execute unauthorized programs. Since the computer running RDP is inside your network, this allows attackers internal access.
How to protect yourself: Do not expose RDP or RDWeb directly to the internet; instead, it should only be accessible behind a virtual private network (VPN). Both the VPN and RDP or RDWeb should also require Multi-factor Authentication (MFA).
Learn more: Read about RDP in the Coalition Learning Center.
Two-factor and Multi-factor Authentication (2FA, MFA)
A user’s identity controls access to computer systems. For example, Alice is authorized to access financial data but denied access to HR data, while Bob has access to project data but not accounting or financial data. Both users have to prove their identities using an authentication factor — something they know (a password), have (a trusted company-issued laptop), or a measurement of some biological characteristic (a fingerprint).
Username and password is a standard authentication technique but unfortunately easy to steal. 2FA and MFA add a second factor, like a randomly-generated code from a smartphone app, in order to gain access.
Security impact: Unlike most terms explained here, this one’s a positive! Adding 2FA or MFA makes it significantly more difficult to gain unauthorized access to a user account. If a user is required to unlock their phone with a fingerprint to get a randomly-generated code, combined with their required password, then an attacker must steal three things to gain unauthorized access.
How to protect yourself: Turn it on and implement it anywhere supported. Many common web apps like social media, online collaboration, and cloud services have built-in MFA (note that Google Workspace calls it 2-Step Verification). For custom apps that don’t support MFA natively, third-party services like Okta and Duo offer an easy-to-implement solution.
Learn more: Read about MFA in the Coalition Learning Center, including how to enable it on common business platforms.
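The app-generated code mentioned above is typically a time-based one-time password (TOTP, RFC 6238), derived from a secret shared at enrollment and the current time. This added example (not from the original article) computes such a code and verifies it server-side with a clock-drift window and replay rejection; the function names and the `last_used_counter` parameter are illustrative assumptions.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, at: float, digits: int = 6, step: int = 30) -> str:
    """Compute the TOTP code (HMAC-SHA1) for Unix time `at`."""
    counter = int(at) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, submitted, at, last_used_counter=None, window=1, step=30):
    """Return the time-step counter the code matched, or None if rejected.

    Accepts codes from +/- `window` time steps to tolerate clock drift and
    refuses any step at or before `last_used_counter`, so a code an attacker
    observed cannot be replayed.
    """
    current = int(at) // step
    for counter in range(max(0, current - window), current + window + 1):
        if last_used_counter is not None and counter <= last_used_counter:
            continue
        expected = totp(secret, counter * step, step=step)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted):
            return counter
    return None


if __name__ == "__main__":
    demo_secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    code = totp(demo_secret, 59)
    print("code at t=59:", code)
    print("accepted at t=89:", verify(demo_secret, code, 89))
    print("replayed:", verify(demo_secret, code, 89, last_used_counter=1))
    print("stale at t=200:", verify(demo_secret, code, 200))
```

The server stores the returned counter per user and passes it back as `last_used_counter` on the next login attempt.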
Business Email Compromise (BEC)
BEC is a multi-pronged problem and one of the most prevalent data breach claims we see at Coalition. When an attacker accesses an employee’s email, this is known as BEC. To make matters worse, email is often a pathway to more severe attacks.
Think about all the things you use email for, like exchanging sensitive information or resetting passwords. Now imagine an attacker with those same capabilities.
Security impact: Email’s prevalence in our daily lives means BEC’s impact cannot be overstated. Customer data may live in email and be accessed by unauthorized attackers. Unauthorized access to other systems can be gained by sending password resets via email. BEC can also lead to additional malicious activity like FTF by sending fake emails requesting or redirecting payments from a legitimate account.
How to protect yourself: MFA is one of the most effective preventative measures against BEC because it makes it much more difficult to gain access. User training on anti-phishing measures is also useful, as BEC is often initiated by users giving up their username and password on a phishing site.
Learn more: Read about BEC in the Coalition Learning Center.
Sender Policy Framework (SPF)
Wear sunscreen. Not a security tip, just super useful advice. But that’s not the SPF we’re talking about here. SPF is a setting you can add to your domain (your-company-name-dot-com) to specify which email servers can legitimately send email for you. To put it simply, it prevents someone from setting up an email server and sending messages on your behalf.
Closely related to SPF are DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC). In short, DKIM helps ensure emails aren’t altered in transit, while DMARC helps you specify how SPF and DKIM work together to secure your email. If this is too technical, don’t worry — check out this Coalition Learning Center article for specific instructions.
Security impact: Without properly-configured SPF, anybody can forge an email to look like it comes from you. With SPF in place, a recipient’s email client (like Gmail or Outlook) can identify if a message is legitimate or not, which can prevent phony emails from reaching users.
How to protect yourself: You’ll need two things to set up SPF. The first is access to your domain hosting account (often with a service like GoDaddy or Cloudflare), and the second is instructions from your email provider, like Microsoft 365 or Google Workspace.
Learn more: Read about email security topics in the Coalition Learning Center, including: SPF, DKIM, DMARC.
Making sense of it all
Security is fast-paced, and the terminology is a challenge. The acronyms and concepts in this guide are far from exhaustive, but they explain some of the most common issues we see at Coalition in terms of questions, incidents, and insurance claims. A related guide covers OSINT, IOC, TTP, and C2.
For specific questions or additional details, you can always reach us at help@coalitioninc.com. We are happy to set up time to discuss how to improve your security and reduce your cyber risk.
For 10 simple steps you can take today to protect your business, download the Coalition Cybersecurity Checklist.