
7 cybersecurity terms every hybrid employee should know

Remote and hybrid employees are key to preventing cyber attacks — but only if they know what to look for.

By Jared Lindzon — May 31, 2022

An employee working from home opens an attachment in an existing email thread with coworkers. Someone else quickly types in a URL to look something up while working on a project, without noticing they made a small typo. A new colleague receives an email that looks like it comes from a payroll company and responds with their Social Security number and bank account information.

Each of these scenarios could be just part of a normal day for an employee who spends most of their time working at a computer. But they’re also opportunities for a cyber attack that could wreak havoc for an entire company, its employees, and its customers. Now that more employees are working remotely for all or part of the work week, outside of the security of a company’s internal IT systems, the threat is even greater. In the first few months of the pandemic, cyber attacks on cloud infrastructure skyrocketed by 600%.

“Employees have a role to play, but more sophisticated attacks make it next-to-impossible to spot them,” says Ian Pratt, global head of security for Personal Systems at HP. “That’s why it’s key that employees feel empowered to inform IT when something looks off.”

 


 

According to a study conducted by HP and Morning Consult, roughly half of remote workers believe that remote and flexible work would not be possible without the efforts of their IT department. IT, however, can only do so much to protect organizations from an increasingly sophisticated threat landscape.

“It’s a shared responsibility,” says Ashley Allocca, an analyst for cyber threat intelligence provider Flashpoint. “There are more threats if people aren’t properly instructed on how to keep up with good cyber hygiene.”

While remote employees don’t need to become experts in cybersecurity, it’s critical that they understand how to identify potential threats. Here are seven terms every remote or hybrid employee should understand in this new reality. 

1. Ransomware

Ransomware is a type of malware that prevents users from accessing files on a device or network until a ransom is paid to the attacker. It’s essentially a way for cyber criminals to hold your digital assets hostage, and is often perpetrated through email attachments, ads, links, or websites that lock users out of their devices until payment is made, typically in cryptocurrencies.

Two-thirds of the global IT organizations surveyed by Sophos reported being victims of some form of ransomware attack in 2021, a 78% increase from 2020. Keeping your operating systems, applications, and software up to date; using spam filters that scan or block suspicious emails and attachments; and backing systems up frequently are all tactics to help prevent ransomware attacks.

2. Spear phishing

Phishing is a type of cyber attack that attempts to trick users into clicking on a malicious link or downloading an infected email attachment. You can think of spear phishing as its more targeted cousin; attackers will actually do research on their targets to try to craft messages that look safe to them, often by posing as trusted sources. Phishing and its variants were the most prolific cybercrime type in 2021, according to the FBI, which received more than 324,000 reports of such attacks.

“Phishing attacks can really enable an actor to gain a foothold in the network, and they generally require much less technical acumen to perform, compared to other attack types,” says Allocca. Upon receiving a suspicious communication, Allocca says, employees should avoid responding and report it to IT right away.


3. Spoofing

Spoofing is one of the many ways in which a spear phishing attack is perpetrated. Once attackers have some sense of their target’s habits, they disguise themselves as a trusted source, often by changing an email address, name, phone number, or URL by just one letter, symbol, or number. Unless the target is paying close attention, the subtle change can easily go unnoticed.

Once attackers convince their targets that these “spoofed” communications are from a trusted source, they can use that trust to ask for sensitive information or money, or to trick them into downloading malicious software. When in doubt about the authenticity of an email, text message, phone call, or website, be sure to take a very close look at the address, and if you’re unsure, reach out to the supposed sender on a different platform to confirm the communication is real.

4. Pretexting

Like spoofing, pretexting is a type of attack in which cyber criminals assume a false identity, but this type of attack goes a step further. Instead of just assuming the identity of a known and trusted source, the attacker assumes the identity of some sort of authority figure or service provider by concocting a plausible situation.

For example, the attack could be perpetrated by someone claiming to be a bank representative checking on a suspicious transaction. More sophisticated attackers might even have some basic information about their targets — such as their name, phone number, and the last four digits of their bank card — which they can use to establish credibility when requesting more sensitive information, claiming they need it for verification purposes. That’s why it’s always important to confirm the identity of any unfamiliar caller or email asking for personal information for any purpose.

5. Typosquatting

Typosquatting, also referred to as URL hijacking, occurs when a malicious actor purchases a domain name that closely resembles a trusted brand’s website. It’s a more passive form of spoofing, but in this case, attackers are depending on users to misspell a website address themselves. If a user were to accidentally misspell the URL they are looking for, they might end up on a site that looks like the one they wanted to visit, but is actually set up to perpetrate an attack.

For example, website URLs like Goggle.com and Goole.com have been used in the past to attack unsuspecting users intending to visit Google.com. Some of these sites just want to serve up popup ads to bring in some advertising revenue; others will seek to install malicious software onto visitors’ devices. It might seem like a minor mistake, but it can have significant consequences, so always double check any address you type in manually before clicking “enter.”
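The one-character changes described under spoofing and typosquatting can be checked mechanically. The following is an added example, not part of the original article: it flags a sender address or URL whose domain is within one edit (insert, delete, substitute, or swap of adjacent characters) of a trusted domain. The trusted list, the `example-payroll.com` names, and the function names are constructed for illustration, and taking the last two labels as the domain is a simplification.

```python
from urllib.parse import urlsplit

# google.com comes from the article; example-payroll.com is a constructed placeholder.
TRUSTED = {"google.com", "example-payroll.com"}

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def base_domain(value: str) -> str:
    """Host from a URL or email address, reduced to its last two labels.
    Simplification: suffixes such as co.uk need a public-suffix list."""
    value = value.strip().lower()
    if "@" in value and "://" not in value:
        host = value.rsplit("@", 1)[1]
    else:
        host = urlsplit(value if "://" in value else "//" + value).hostname or ""
    return ".".join(host.rstrip(".").split(".")[-2:])

def check(value: str, trusted=TRUSTED, max_edits: int = 1):
    """Return (verdict, domain): trusted, lookalike of a trusted domain, or unknown."""
    domain = base_domain(value)
    if domain in trusted:
        return ("trusted", domain)
    for t in sorted(trusted):
        if 0 < osa_distance(domain, t) <= max_edits:
            return ("lookalike", t)
    return ("unknown", domain)

if __name__ == "__main__":
    # Constructed inputs; goggle.com and goole.com are the article's examples.
    for sample in ["https://www.goggle.com/search", "goole.com",
                   "hr@exmaple-payroll.com", "https://mail.google.com"]:
        print(sample, "->", check(sample))
```

This catches single-character typos only; lookalike characters from other alphabets and longer name variations need separate checks.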

6. Shoulder surfing

During the pandemic, laptops stayed put at home. But as employees move their devices back and forth between the office and home, travel for business, and set up temporary digs in other shared workspaces, there’s a greater potential for risk. Stealing sensitive data in these scenarios is as easy as glancing for just a beat too long over a would-be target’s shoulder to spy what’s on their screen, where someone can pick up login credentials or a PIN code. Shoulder surfing, as it’s known, is a form of social engineering where an attacker attempts to gain secure info to later access devices or services. One way to get around this is with a product like HP Sure View, an integrated privacy screen that blurs what can be viewed from an angle and can be toggled on and off in less secure situations.

7. Zero-click attack

Zero-click attacks, also known as “zero-click exploits,” require no action on the part of the victim, meaning that even the most vigilant employee can fall prey. To make matters worse, these types of attacks often leave little trace behind, which makes detection extremely difficult.

Instead of relying on social engineering, these attacks depend on exploiting vulnerabilities in software applications, often messaging and voice calling apps. Once they get access, attackers can extract information or money from their targets in a variety of ways, such as installing ransomware or stealing customer or employee data. While individual employees may not be able to spot a zero-click attack, they can help prevent them by keeping their operating systems and apps up to date, only downloading apps from official app stores, and deleting any apps that are no longer in use.

“Threat actors will continue to target employees because they view them as the weakest link,” says Pratt. “But with the right communication and training, employees can become an organization’s strongest line of defense.”