The Essential Cyber Security Glossary All SME's Should Know
We understand that the world of cyber security can seem daunting and extremely technical. To make some of the concepts we discuss, easier to understand, we’ve created this essential cyber security glossary. Designed, not to include every single cybersecurity term, but the basic ones anyone running an SME (small and medium enterprise) should know.
SME’s might think they are too small to be targeted by cyber criminals, but this is far from the truth. They are often considered easy targets, due to their lack of resources and understanding. To better protect your business from cyberattacks, here is our essential cyber security glossary to get to know.
Anti-virus software
Also known as anti-malware software, these are programmes that scan apps and files downloaded to your devices and blocks malicious ones.
Access control
Instead of having everyone in a company able to access all the information, access control only gives approved people the ability to access certain information.
Backup
Secure storage of all the data the company needs to function, kept separately, and updated regularly so it can be accessed in an emergency but not compromised as part of a cyberattack.
Business Continuity Plan
In case of a cyber security disaster, a Business Continuity Plan has all the information needed to keep the business going with as little disruption as possible.
CIA Triad
The concepts of confidentiality, integrity and availability are the core principles of cyber security. Getting to know these will help inform your decision making around cyber security.
Clone Phishing
A type of phishing attack where threat actors create nearly identical copies of legitimate emails or websites, tricking victims into revealing sensitive information, such as login credentials or financial data.
Cloud Computing
Resources such as storage and apps that are accessed via the internet and managed by a third party. This is different to have physical computing storage kept on site.
Compliance
Adhering to guidelines or laws designed for cyber security.
Cybersecurity
The practice of using plans, tools, and critical thinking to keep digital information safe from unauthorised access or exploitation.
DDoS (Distributed Denial of Service)
A type of cyberattack aimed at overwhelming a system, network, or service by bombarding it with excessive traffic from multiple sources, causing it to crash or become unavailable to legitimate users.
Encryption
The process of converting sensitive data into a coded language that can only be deciphered by authorised users.
Firewall
Software that stops unauthorised access to devices when they are connected to the internet.
Gap Analysis
Cybersecurity gap analysis identifies the differences between current security measures and best practices or compliance requirements, highlighting areas of concern that need improvement.
Malware
Refers to any software designed to harm a computer system, steal data, or disrupt normal computer operations. Types of malware can include viruses, spyware, and ransomware.
Man-in-the-Middle (MITM) Attacks
A cyberattack where a malicious actor secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other.
Multi Factor Authentication
Multiple ways of proving credentials before gaining access to data. For example, having a password and an SMS code set up to fill in before accessing emails.
Network
A group of connected devices that can share resources and communicate with each other. If not properly secured against cyberattacks, the network can be used to infiltrate the multiple devices.
Passkey
A passkey is a digital credential used for authentication, designed to replace traditional passwords with more secure, phishing-resistant methods, often using biometric data or cryptographic keys.
Password
A complex combination of letters, numbers and special characters used as a method for keeping data secure to only those who know the password. Passwords should be strong and difficult for hackers to guess.
Password Manager
A programme that manages all the passwords for a user, creating, saving, and inputting them into the correct websites and apps. Password managers usually require only one master password to be remembered by the user end employs multi factor authentication to stay secure.
Patch Management
A patch is an update for software, operating systems, or apps that aims to fix a vulnerability or issue. Patch Management is the process of knowing and applying patches proactively.
Penetration Testing
Penetration testing, or pen testing, is a way of identifying vulnerabilities on a system or network by simulating and controlling a cyberattack.
Personal Data
From the UK GDPR “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Pharming
A cyber threat in which users are redirected to a malicious website that mimics a legitimate one, often used to steal sensitive information like usernames, passwords, and credit card numbers.
Phishing
Phishing is a cyberattack method where attackers impersonate legitimate entities via email, messaging, or websites to deceive individuals into providing sensitive information like passwords or credit card details.
Policy
A policy is a document that sets out guidelines on a project or process and can be used to hold people to account when agreed upon. A cyber security policy could lay out the rules for safe use of devices and digital data in a workplace that employees are expected to follow.
Principle of Least Privilege
This cybersecurity best practice principle advocates for granting users the minimum levels of access, or privileges, necessary to perform their job functions. This reduces the opportunities for exploitation across a whole business.
Ransomware
Ransomware is malicious software that encrypts a victim's files or locks their system, demanding a ransom payment to restore access, often causing significant disruption and financial loss. There is no guarantee that access will be restored if the ransom is paid.
Rootkits
Rootkits are a type of malicious software designed to grant a threat actor unauthorised access and control over a computer system, while concealing their presence from detection tools and the user.
Search Engine Phishing
A practice where attackers create fake websites optimised to rank high on search engine results pages. These sites appear in search results and lure users into providing personal information, believing they are accessing a legitimate service.
Social Engineering
The use of convincing lies to trick someone into giving out sensitive information or access to a system. Examples of social engineering tactics include phishing emails, phone scams, and impersonation.
Spoofing
Spoofing involves masquerading as a trusted entity by falsifying data, such as IP addresses, email addresses, or websites, to deceive and manipulate targets into divulging information or perform actions like making payments.
Threat Actor
An individual or group that poses a threat to a company's security. This could be a hacker or a malicious insider.
Vishing
Vishing, or voice phishing, uses phone calls to trick individuals into revealing personal information by impersonating a trustworthy entity like a bank or government body.
VPN (Virtual Private Network)
A VPN encrypts your internet connection, creating a secure tunnel for your data, which helps protect your online privacy and access region-restricted websites.
Vulnerability
A weakness in cyber security that can be exploited. An example of this is a password that is easy to guess or not having multi-factor authentication set-up.
Whaling
Whaling is a type of phishing attack targeting high-profile individuals such as executives or senior officials within an organisation, aiming to steal sensitive information or execute significant fraudulent transactions.
Cyber security is a complex and ever-evolving field, but by understanding some key terms and words, you can improve your security and protect your business from potential cyber threats. Now you’ve read our essential cyber security glossary, you should feel more confident on the concepts you need to protect your business with.
This is where IT support companies like Fuse Collaboration Services come in, helping SMEs to protect themselves from cyber threats. By ensuring your devices and systems have adequate protection against malware, training your staff to recognise social engineering scams, securing your networks, and using encryption to protect sensitive data, we help SME’s significantly reduce their risk of cyberattacks. Don't wait until it's too late – take action now to secure your business against cyber threats
About the author
Fuse is a Microsoft Partner, based in Northampton. We help organisations of all sizes to maximise IT efficiencies through the use of Microsoft cloud computing solutions.
